CyberSec.Space Logo
Back to CVE Browser

CVE-2019-0344

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score87.4640%
EPSS Percentile86.49th
PublishedAug 14, 2019
Last ModifiedOct 31, 2025

Vulnerability Description

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.

Affected Platforms (CPE)

πŸ“¦
Sap

Commerce Cloud

= 6.4
πŸ“¦
Sap

Commerce Cloud

= 6.5
πŸ“¦
Sap

Commerce Cloud

= 6.6
πŸ“¦
Sap

Commerce Cloud

= 6.7
πŸ“¦
Sap

Commerce Cloud

= 1808
πŸ“¦
Sap

Commerce Cloud

= 1811
πŸ“¦
Sap

Commerce Cloud

= 1905

References & Advisories

πŸ”— https://launchpad.support.sap.com/#/notes/2786035
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
πŸ”— https://launchpad.support.sap.com/#/notes/2786035
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0344

Related Vulnerabilities

CVE-2021-214779.9

SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an a...

CVE-2019-03438.8

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/...

CVE-2019-03227.5

SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an at...

CVE-2020-268107.5

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a c...