Vulnerability CVE-2019-0344

Vulnerability CVE-2019-0344

Published: 2019-08-14

Description:

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.

Type:

CWE-94

(Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
SAP -> Commerce cloud

References:

https://launchpad.support.sap.com/#/notes/2786035

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Copyright 2024, cxsecurity.com