CVE-2019-0343
HIGHSAP Commerce Cloud 6.4-6.7, 1808-1905 - Authenticated Code Injection via Mediaconversion Extension
Title source: llmDescription
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2786035
Scores
CVSS v3
8.8
EPSS
0.0049
EPSS Percentile
65.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (7)
sap/commerce_cloud
6.4
sap/commerce_cloud
6.5
sap/commerce_cloud
6.6
sap/commerce_cloud
6.7
sap/commerce_cloud
1808
sap/commerce_cloud
1811
sap/commerce_cloud
1905
Published
Aug 14, 2019
Tracked Since
Feb 18, 2026