CVE-2019-0343

EUVD-2019-1116
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
sapcommerce_cloud
6.4
sapcommerce_cloud
6.5
sapcommerce_cloud
6.6
sapcommerce_cloud
6.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2786035
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
https://launchpad.support.sap.com/#/notes/2786035
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017