- You can set ChatGPT as your default Android assistant now. Here's how
- LockBit Ransomware Developer Extradited to US
- I swapped Siri for Gemini on my iPhone - here's how it went
- IBM laying foundation for mainframe as ultimate AI server
- Switching to LED lightbulbs saved me hundreds of dollars - but here are 5 more reasons to do it
SAP patches severe vulnerabilities in NetWeaver and Commerce apps
SAP Security Note #3569602 covers a cross-site scripting (XSS) vulnerability in SAP Commerce, stemming from security bugs in the open-source library swagger-ui bundled with the widely used middleware.
Tracked as CVE-2025-27434, the flawed explore feature of Swagger UI creates a potential mechanism for an unauthenticated attacker to inject malicious code from remote sources through a DOM-based XSS attack. Any potential victim would first need to be tricked into placing a malicious payload into an input field, potentially via social engineering trickery.
If successful, attackers would be able to breach the confidentiality, integrity, and availability of the application — earning the vulnerability a high CVSS score of 8.8.
