CVE-2019-0308 Information

Description

An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33 and 7.54, can change the price of a product to zero and complete the checkout by injecting HTML code into the application. The injected code is executed whenever the victim logs in to the application, even on a different machine, leading to Code Injection.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Reference

https://launchpad.support.sap.com//notes/2773493
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

6.8

Base Severity

MEDIUM
