Vulnerability Details CVE-2019-0344
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.341
EPSS Ranking 96.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extensions that allows for code injection.
Ransomware Campaign
Unknown
Products affected by CVE-2019-0344
- cpe:2.3:a:sap:commerce_cloud:1808
- cpe:2.3:a:sap:commerce_cloud:1811
- cpe:2.3:a:sap:commerce_cloud:1905
- cpe:2.3:a:sap:commerce_cloud:6.4
- cpe:2.3:a:sap:commerce_cloud:6.5
- cpe:2.3:a:sap:commerce_cloud:6.6
- cpe:2.3:a:sap:commerce_cloud:6.7