PT-2020-19034 · SAP · SAP Commerce

Published

2020-04-14

·

Updated

2022-10-06

·

CVE-2020-6238

CVSS v3.1

9.3

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions

SAP Commerce versions 6.6, 6.7, 1808, 1811, 1905

Description

The issue is related to the insecure processing of XML input in the REST API served by the Servlet xyformsweb, leading to missing XML validation (XXE). This affects the confidentiality and availability of SAP Commerce.

Recommendations

For SAP Commerce versions 6.6, 6.7, 1808, 1811, 1905, update the software to a version that securely processes XML input in the REST API. As a temporary workaround, restrict access to the vulnerable Servlet xyformsweb to reduce the risk of exploitation, and avoid using the vulnerable REST API endpoint until the issue is resolved.

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2020-6238

Affected Products

SAP Commerce