VDB

CISA-2025-27434

CISA-2025-27434 PUBLISHED CVSS 8.8 HIGH

Reported by sap · Published March 11, 2025

Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. This could lead to a high impact on the confidentiality, integrity, and availability of data in SAP Commerce.

Risk Scores

CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
SAP_SESAP Commerce (Swagger UI)COM_CLOUD 2211
SAP_SESAP Commerce (Swagger UI)COM_CLOUD 2211, COM_CLOUD 2211

Timeline

  • Mar 11, 2025 CVE Published
  • Feb 26, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›