CVE-2019-0344

Summary

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Commerce Cloud (virtualjdbc extension)< 6.4affected
SAP SESAP Commerce Cloud (virtualjdbc extension)< 6.5affected
SAP SESAP Commerce Cloud (virtualjdbc extension)< 6.6affected
SAP SESAP Commerce Cloud (virtualjdbc extension)< 6.7affected
SAP SESAP Commerce Cloud (virtualjdbc extension)< 1808affected
SAP SESAP Commerce Cloud (virtualjdbc extension)< 1811affected
SAP SESAP Commerce Cloud (virtualjdbc extension)< 1905affected

Weaknesses

  • Code Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References