← Voltar para CVEs
CVE-2019-0344
CRITICALCISA KEV9.8
Descricao
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado8/14/2019
Ultima modificacao10/31/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorSAP
ProdutoCommerce Cloud
Nome da vulnerabilidadeSAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
Data inclusao KEV2024-09-30
Prazo de remediacao2024-10-21
Uso em ransomwareUnknown
Produtos afetados
sap:commerce_cloud
Fraquezas (CWE)
CWE-502CWE-502
Referencias
https://launchpad.support.sap.com/#/notes/2786035(cna@sap.com)
https://launchpad.support.sap.com/#/notes/2786035(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0344(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.