CVE-2019-0344
Published 2019-08-14
Critical 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
CISA Known Exploited Vulnerability, due 2024-10-21
Exploited in the wild
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap_se | sap_commerce_cloud | < 6.4 | 6.4 |
| sap_se | sap_commerce_cloud | < 6.5 | 6.5 |
| sap_se | sap_commerce_cloud | < 6.6 | 6.6 |
| sap_se | sap_commerce_cloud | < 6.7 | 6.7 |
| sap_se | sap_commerce_cloud | < 1808 | 1808 |
| sap_se | sap_commerce_cloud | < 1811 | 1811 |
| sap_se | sap_commerce_cloud | < 1905 | 1905 |
CVSS provenance
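| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |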