CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-0344

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score87.4640%
EPSS Percentile86.49th
Published2019年8月14日
Last Modified2025年10月31日

Vulnerability Description

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.

Affected Platforms (CPE)

📦
Sap

Commerce Cloud

= 6.4
📦
Sap

Commerce Cloud

= 6.5
📦
Sap

Commerce Cloud

= 6.6
📦
Sap

Commerce Cloud

= 6.7
📦
Sap

Commerce Cloud

= 1808
📦
Sap

Commerce Cloud

= 1811
📦
Sap

Commerce Cloud

= 1905

References & Advisories

🔗 https://launchpad.support.sap.com/#/notes/2786035
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
🔗 https://launchpad.support.sap.com/#/notes/2786035
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0344

関連する脆弱性情報

CVE-2021-214779.9

SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an a...

CVE-2019-03438.8

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/...

CVE-2019-03227.5

SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an at...

CVE-2020-268107.5

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a c...