NotCVE - vendor:"Sap" product:"Commerce"

Page 6 of 30 results (0.001 seconds)

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2019-0344

https://notcve.org/view.php?id=CVE-2019-0344

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection. Debido a una deserialización no confiable usada en SAP Commerce Cloud (virtualjdbc extension), versiones 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, es posible ejecutar código arbitrario en una máquina de destino con derechos de usuario 'Hybris', resultando en Inyección de Código. • https://launchpad.support.sap.com/#/notes/2786035 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2019-0343

https://notcve.org/view.php?id=CVE-2019-0343

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. SAP Commerce Cloud (Mediaconversion Extension), versiones 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, permite a un usuario autenticado de Backoffice/HMC inyectar código que puede ser ejecutado por la aplicación, conllevando a la Inyección de Código. De este modo, un atacante podría controlar el comportamiento de la aplicación. • https://launchpad.support.sap.com/#/notes/2786035 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2019-0322

https://notcve.org/view.php?id=CVE-2019-0322

SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP Commerce Cloud (anteriormente conocido como SAP Hybris Commerce), (HY_COM, versiones 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), permite que un atacante impida a los usuarios legítimos acceder a un servicio, ya sea bloqueando o inundando el servicio . • http://www.securityfocus.com/bid/109076 https://launchpad.support.sap.com/#/notes/2781873 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2019-0308

https://notcve.org/view.php?id=CVE-2019-0308

An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection. Un atacante identificado en SAP E-Commerce (Business-to-Consumer application) versiones 7.3, 7.31, 7.32, 7.33, 7.54 pueden cambiar el precio del producto a cero y además pagar inyectando un código HTML en la aplicación que será ejecutada en cualquier lugar que está la víctima se conecte en la aplicación o incluso en una máquina diferente, lo que conlleva a un código de inyección • https://launchpad.support.sap.com/#/notes/2773493 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2019-0298

https://notcve.org/view.php?id=CVE-2019-0298

SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54. La aplicación SAP E-Commerce Business-to-Consumer) no codifica las entradas controladas por el usuario suficientemente, generando un vulnerabilidad en Cross-Site Scripting (XSS). Se corrigió en los siguientes componentes SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versiones 7.30, 7.31, 7.32, 7.33, 7.54. • http://www.securityfocus.com/bid/108314 https://launchpad.support.sap.com/#/notes/2773086 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...4 5 6