CVE-2019-0247Code Injection in SE SAP Cloud Connector

CWE-94Code Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 31.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Cloud ConnectorSAP Cloud Connector
Timeline
PublishedJan 8
Latest updateMay 14

Description

SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDsap/cloud_connector< 2.11.3
CVEListV5sap_se/sap_cloud_connector< 2.11.3

🔴Vulnerability Details

2
GHSA
GHSA-xvr6-m6gq-m42f: SAP Cloud Connector, before version 22022-05-14
CVEList
CVE-2019-0247: SAP Cloud Connector, before version 22019-01-08
CVE-2019-0247 — Code Injection | cvebase