| |
Vulnerability CVE-2019-0308
Published: 2019-06-12
| Description: |
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection. |
Type:
CWE-94 (Improper Control of Generation of Code ('Code Injection'))
CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
3.5/10 |
2.9/10 |
6.8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
https://launchpad.support.sap.com/#/notes/2773493
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
