The discovery of three critical vulnerabilities, including CSS injection, file upload, and remote code execution, in SAP Customer Experience (CX) Commerce Cloud and SAP NetWeaver Application, with severity ratings ranging from 8.8 to 9.8, poses a significant threat.

Critical vulnerabilities in SAP NetWeaver & CX Commerce allow complete system takeover

The vulnerabilities, assigned CVE-2019-17495 and CVE-2022-36364, can be exploited by threat actors to gain control over the systems. Swagger UI and the Apache Calcite Avatica library were identified as the vulnerable components, and SAP addressed them in its HotNews update for May 2024. The risks these vulnerabilities pose call for immediate action, such as upgrading to the latest versions and applying the relevant patches, to mitigate the security concerns and prevent unauthorized system takeovers.
https://cybersecuritynews.com/sap-netweaver-cx-commerce-flaw-patch/