CVE-2019-0343

CWE-94 — Code Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.5%

top 34.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Commerce Cloud (mediaconversion Extension)SAP Commerce Cloud

Timeline

PublishedAug 14

Latest updateMay 24

Description

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_commerce_cloud_(mediaconversion_extension)< 6.4+6

▶NVDsap/commerce_cloud7 versions+6

🔴Vulnerability Details

GHSA

GHSA-9wr2-hqp2-7rf5: SAP Commerce Cloud (Mediaconversion Extension), versions 6↗2022-05-24

▶

CVEList

CVE-2019-0343: SAP Commerce Cloud (Mediaconversion Extension), versions 6↗2019-08-14

▶