logo

CVE-2019-0344 - SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability

CVE-2019-0344

SAP | Commerce Cloud

  • Date Added:
  • 2024-09-30
  • Due Date:
  • 2024-10-21
Vulnerability Name

SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability

Description

SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes
https://web.archive.org/web/20191214053020/https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 ; https://nvd.nist.gov/vuln/detail/CVE-2019-0344

Free security scan for your website