Vulnerability-Lookup

BDU:2019-04790

Vulnerability from fstec - Published: 13.08.2019

Title

Уязвимость компонента virtualjdbc платформы электронной коммерции SAP Commerce Cloud, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость компонента virtualjdbc платформы электронной коммерции SAP Commerce Cloud связана с ошибками управления генерацией кода. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

SAP

Software Name

SAP Commerce Cloud

Software Version

6.4 (SAP Commerce Cloud), 6.5 (SAP Commerce Cloud), 6.6 (SAP Commerce Cloud), 6.7 (SAP Commerce Cloud), 1808 (SAP Commerce Cloud), 1811 (SAP Commerce Cloud), 1905 (SAP Commerce Cloud)

Possible Mitigations

Использование рекомендаций: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0344 https://launchpad.support.sap.com/#/notes/2786035 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-94

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "SAP",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6.4 (SAP Commerce Cloud), 6.5 (SAP Commerce Cloud), 6.6 (SAP Commerce Cloud), 6.7 (SAP Commerce Cloud), 1808 (SAP Commerce Cloud), 1811 (SAP Commerce Cloud), 1905 (SAP Commerce Cloud)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.08.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.12.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04790",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-0344",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SAP Commerce Cloud",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 virtualjdbc \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438 SAP Commerce Cloud, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430) (CWE-94)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 virtualjdbc \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438 SAP Commerce Cloud \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0344\nhttps://launchpad.support.sap.com/#/notes/2786035\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-94",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CVE-2019-0344 (GCVE-0-2019-0344)

Vulnerability from cvelistv5 – Published: 2019-08-14 13:53 – Updated: 2025-10-21 23:45

Summary

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Code Injection

Assigner

sap

References

URL

Tags

	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/2786035	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	SAP SE	SAP Commerce Cloud (virtualjdbc extension)	Affected: < 6.4 Affected: < 6.5 Affected: < 6.6 Affected: < 6.7 Affected: < 1808 Affected: < 1811 Affected: < 1905

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:16.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2786035"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce_cloud",
            "vendor": "sap",
            "versions": [
              {
                "status": "affected",
                "version": "1808"
              },
              {
                "status": "affected",
                "version": "1811"
              },
              {
                "status": "affected",
                "version": "1905"
              },
              {
                "status": "affected",
                "version": "6.4"
              },
              {
                "status": "affected",
                "version": "6.5"
              },
              {
                "status": "affected",
                "version": "6.6"
              },
              {
                "status": "affected",
                "version": "6.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce_cloud",
            "vendor": "sap",
            "versions": [
              {
                "status": "affected",
                "version": "1808"
              },
              {
                "status": "affected",
                "version": "1811"
              },
              {
                "status": "affected",
                "version": "1905"
              },
              {
                "status": "affected",
                "version": "6.4"
              },
              {
                "status": "affected",
                "version": "6.5"
              },
              {
                "status": "affected",
                "version": "6.6"
              },
              {
                "status": "affected",
                "version": "6.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce_cloud",
            "vendor": "sap",
            "versions": [
              {
                "status": "affected",
                "version": "1808"
              },
              {
                "status": "affected",
                "version": "1811"
              },
              {
                "status": "affected",
                "version": "1905"
              },
              {
                "status": "affected",
                "version": "6.4"
              },
              {
                "status": "affected",
                "version": "6.5"
              },
              {
                "status": "affected",
                "version": "6.6"
              },
              {
                "status": "affected",
                "version": "6.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce_cloud",
            "vendor": "sap",
            "versions": [
              {
                "status": "affected",
                "version": "1808"
              },
              {
                "status": "affected",
                "version": "1811"
              },
              {
                "status": "affected",
                "version": "1905"
              },
              {
                "status": "affected",
                "version": "6.4"
              },
              {
                "status": "affected",
                "version": "6.5"
              },
              {
                "status": "affected",
                "version": "6.6"
              },
              {
                "status": "affected",
                "version": "6.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce_cloud",
            "vendor": "sap",
            "versions": [
              {
                "status": "affected",
                "version": "1808"
              },
              {
                "status": "affected",
                "version": "1811"
              },
              {
                "status": "affected",
                "version": "1905"
              },
              {
                "status": "affected",
                "version": "6.4"
              },
              {
                "status": "affected",
                "version": "6.5"
              },
              {
                "status": "affected",
                "version": "6.6"
              },
              {
                "status": "affected",
                "version": "6.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce_cloud",
            "vendor": "sap",
            "versions": [
              {
                "status": "affected",
                "version": "1808"
              },
              {
                "status": "affected",
                "version": "1811"
              },
              {
                "status": "affected",
                "version": "1905"
              },
              {
                "status": "affected",
                "version": "6.4"
              },
              {
                "status": "affected",
                "version": "6.5"
              },
              {
                "status": "affected",
                "version": "6.6"
              },
              {
                "status": "affected",
                "version": "6.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "commerce_cloud",
            "vendor": "sap",
            "versions": [
              {
                "status": "affected",
                "version": "1808"
              },
              {
                "status": "affected",
                "version": "1811"
              },
              {
                "status": "affected",
                "version": "1905"
              },
              {
                "status": "affected",
                "version": "6.4"
              },
              {
                "status": "affected",
                "version": "6.5"
              },
              {
                "status": "affected",
                "version": "6.6"
              },
              {
                "status": "affected",
                "version": "6.7"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-09-30",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0344"
              },
              "type": "kev"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-0344",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T13:32:40.662258Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:32.174Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0344"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-09-30T00:00:00.000Z",
            "value": "CVE-2019-0344 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP Commerce Cloud (virtualjdbc extension)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.4"
            },
            {
              "status": "affected",
              "version": "\u003c 6.5"
            },
            {
              "status": "affected",
              "version": "\u003c 6.6"
            },
            {
              "status": "affected",
              "version": "\u003c 6.7"
            },
            {
              "status": "affected",
              "version": "\u003c 1808"
            },
            {
              "status": "affected",
              "version": "\u003c 1811"
            },
            {
              "status": "affected",
              "version": "\u003c 1905"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with \u0027Hybris\u0027 user rights, resulting in Code Injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Code Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-14T13:53:21.000Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2786035"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0344",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Commerce Cloud (virtualjdbc extension)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "6.4"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "6.5"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "6.6"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "6.7"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1808"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1811"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1905"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with \u0027Hybris\u0027 user rights, resulting in Code Injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Code Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2786035",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2786035"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2019-0344",
    "datePublished": "2019-08-14T13:53:21.000Z",
    "dateReserved": "2018-11-26T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:32.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-04790

CVE-2019-0344 (GCVE-0-2019-0344)

Tags

Sightings

Nomenclature