SAP patches severe vulnerabilities in NetWeaver and Commerce apps

SAP Security Note #3569602 covers a cross-site scripting (XSS) vulnerability in SAP Commerce, stemming from security bugs in the open-source library swagger-ui bundled with the widely used middleware.
The vulnerability, tracked as CVE-2025-27434, lies in the explore feature of Swagger UI, which gives an unauthenticated attacker a potential way to inject malicious code from remote sources through a DOM-based XSS attack. A victim would first need to be tricked into placing a malicious payload into an input field, potentially via social engineering.
If successful, attackers would be able to breach the confidentiality, integrity, and availability of the application — earning the vulnerability a high CVSS score of 8.8.