CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-0343

HIGH
8.8
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile6.20th
Published2019年8月14日
Last Modified2024年11月21日

Vulnerability Description

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.

Affected Platforms (CPE)

📦
Sap

Commerce Cloud

= 6.4
📦
Sap

Commerce Cloud

= 6.5
📦
Sap

Commerce Cloud

= 6.6
📦
Sap

Commerce Cloud

= 6.7
📦
Sap

Commerce Cloud

= 1808
📦
Sap

Commerce Cloud

= 1811
📦
Sap

Commerce Cloud

= 1905

References & Advisories

🔗 https://launchpad.support.sap.com/#/notes/2786035
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
🔗 https://launchpad.support.sap.com/#/notes/2786035
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

相關漏洞威脅

CVE-2021-214779.9

SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an a...

CVE-2019-03449.8

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, i...

CVE-2019-03227.5

SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an at...

CVE-2020-268107.5

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a c...

CVE-2019-0343 Detail & Impact Analysis | CVSS 8.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space