SAP this week released its latest set of security patches, comprising a total of 23 Security Notes, five of which address Hot News vulnerabilities.
The most important of the flaws is a missing XML validation vulnerability in SAP Commerce. Tracked as CVE-2020-6238 and featuring a CVSS score of 9.3, the bug could be exploited remotely and does not require authentication.
An attacker able to successfully exploit the security issue could read sensitive files and data from the system. In some limited scenarios, the attacker could even impact availability, according to Onapsis, a firm that specializes in securing SAP and Oracle software.