CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-0343
https://notcve.org/view.php?id=CVE-2019-0343
14 Aug 2019 — SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. SAP Commerce Cloud (Mediaconversion Extension), versiones 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, permite a un usuario autenticado de Backoffice/HMC inyectar código que puede ser ejecutado por la aplicación, conllevando a la ... • https://launchpad.support.sap.com/#/notes/2786035 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-0322
https://notcve.org/view.php?id=CVE-2019-0322
10 Jul 2019 — SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP Commerce Cloud (anteriormente conocido como SAP Hybris Commerce), (HY_COM, versiones 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), permite que un atacante impida a los usuarios legítimos acceder a un servicio, ya sea bloqueando o inundando el servicio . • http://www.securityfocus.com/bid/109076 •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0308
https://notcve.org/view.php?id=CVE-2019-0308
12 Jun 2019 — An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection. Un atacante identificado en SAP E-Commerce (Business-to-Consumer application) versiones 7.3, 7.31, 7.32, 7.33, 7.54 pueden cambiar el precio del producto a cero ... • https://launchpad.support.sap.com/#/notes/2773493 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0298
https://notcve.org/view.php?id=CVE-2019-0298
14 May 2019 — SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54. La aplicación SAP E-Commerce Business-to-Consumer) no codifica las entradas controladas por el usuario suficientemente, generando un vulnerabilidad en Cross-Site Scripting (XSS). Se corrigió en los siguientes compo... • http://www.securityfocus.com/bid/108314 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •