CVE-2019-0344 – SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2019-0344
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection. Debido a una deserialización no confiable usada en SAP Commerce Cloud (virtualjdbc extension), versiones 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, es posible ejecutar código arbitrario en una máquina de destino con derechos de usuario 'Hybris', resultando en Inyección de Código. SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection. • https://launchpad.support.sap.com/#/notes/2786035 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 • CWE-502: Deserialization of Untrusted Data •
CVE-2019-0343
https://notcve.org/view.php?id=CVE-2019-0343
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. SAP Commerce Cloud (Mediaconversion Extension), versiones 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, permite a un usuario autenticado de Backoffice/HMC inyectar código que puede ser ejecutado por la aplicación, conllevando a la Inyección de Código. De este modo, un atacante podría controlar el comportamiento de la aplicación. • https://launchpad.support.sap.com/#/notes/2786035 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2019-0322
https://notcve.org/view.php?id=CVE-2019-0322
SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP Commerce Cloud (anteriormente conocido como SAP Hybris Commerce), (HY_COM, versiones 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), permite que un atacante impida a los usuarios legítimos acceder a un servicio, ya sea bloqueando o inundando el servicio . • http://www.securityfocus.com/bid/109076 https://launchpad.support.sap.com/#/notes/2781873 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 •