2 matches found
CVE-2021-27619
SAP Commerce Backoffice Search, versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the...
CVE-2020-6238
SAP Commerce versions 6.6, 6.7, 1808, 1811, 1905 are affected by an insecure XML input handling flaw in the Rest API (Servlet xyformsweb), causing Missing XML Validation. The vulnerability affects confidentiality and availability (partially). Root cause: unvalidated XML input processing in the Re...