Back to KEVs

CVE-2019-0344

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to...

Basic Information

CVE State
PUBLISHED
Reserved Date
November 26, 2018
Published Date
August 14, 2019
Last Updated
October 04, 2024
Vendor
SAP SE
Product
SAP Commerce Cloud (virtualjdbc extension)
Description
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
Tags
cisa

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2024-09-30 00:00:00 UTC) Source

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 https://launchpad.support.sap.com/#/notes/2786035

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-09-30 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel