CVE-2019-0343

Summary

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Commerce Cloud (Mediaconversion Extension)< 6.4affected
SAP SESAP Commerce Cloud (Mediaconversion Extension)< 6.5affected
SAP SESAP Commerce Cloud (Mediaconversion Extension)< 6.6affected
SAP SESAP Commerce Cloud (Mediaconversion Extension)< 6.7affected
SAP SESAP Commerce Cloud (Mediaconversion Extension)< 1808affected
SAP SESAP Commerce Cloud (Mediaconversion Extension)< 1811affected
SAP SESAP Commerce Cloud (Mediaconversion Extension)< 1905affected

Weaknesses

  • Code Injection

ADP Enrichment

CVE Program Container

Additional References

References