CVE-2019-0344
CRITICAL | CISA KEV | 9.8
Description
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 8/14/2019
Last modified: 10/31/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: SAP
Product: Commerce Cloud
Vulnerability name: SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
KEV date added: 2024-09-30
Remediation due date: 2024-10-21
Ransomware use: Unknown
Affected products
sap:commerce_cloud
Weaknesses (CWE)
CWE-502
References
https://launchpad.support.sap.com/#/notes/2786035 (cna@sap.com)
https://launchpad.support.sap.com/#/notes/2786035 (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0344 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.