CVE-2019-0344 Information
Feb 14, 2021
Description
Due to unsafe deserialization in the virtualjdbc extension of SAP Commerce Cloud, versions 6.4, 6.5, 6.6, 6.7, 1808, 1811 and 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://launchpad.support.sap.com//notes/2786035
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
HIGH