CVE-2019-0308
N/A
N/A
Summary
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP E-Commerce (Business-to-Consumer application) | < 7.3 | affected |
| SAP SE | SAP E-Commerce (Business-to-Consumer application) | < 7.31 | affected |
| SAP SE | SAP E-Commerce (Business-to-Consumer application) | < 7.32 | affected |
| SAP SE | SAP E-Commerce (Business-to-Consumer application) | < 7.33 | affected |
| SAP SE | SAP E-Commerce (Business-to-Consumer application) | < 7.54 | affected |
Weaknesses
- Code Injection
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/2773493
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
References
- https://launchpad.support.sap.com/#/notes/2773493
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.