CVE-2019-0343 - OpenCVE

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Commerce Cloud

Configuration 1 [-]

OR	cpe:2.3:a:sap:commerce_cloud:6.4:::::::*
	cpe:2.3:a:sap:commerce_cloud:6.5:::::::*
	cpe:2.3:a:sap:commerce_cloud:6.6:::::::*
	cpe:2.3:a:sap:commerce_cloud:6.7:::::::*
	cpe:2.3:a:sap:commerce_cloud:1808:::::::*
	cpe:2.3:a:sap:commerce_cloud:1811:::::::*
	cpe:2.3:a:sap:commerce_cloud:1905:::::::*

No data.

References

Link	Providers
https://launchpad.support.sap.com/#/notes/2786035
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2019-08-14T13:53:05

Updated: 2024-08-04T17:44:16.564Z

Reserved: 2018-11-26T00:00:00

Link: CVE-2019-0343

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-08-14T14:15:16.403

Modified: 2019-08-23T16:46:00.570

Link: CVE-2019-0343

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SAP Commerce Cloud (Mediaconversion Extension)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 6.4"}, {"status": "affected", "version": "< 6.5"}, {"status": "affected", "version": "< 6.6"}, {"status": "affected", "version": "< 6.7"}, {"status": "affected", "version": "< 1808"}, {"status": "affected", "version": "< 1811"}, {"status": "affected", "version": "< 1905"}]}], "descriptions": [{"lang": "en", "value": "SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application."}], "problemTypes": [{"descriptions": [{"description": "Code Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-14T13:53:05", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2786035"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2019-0343", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP Commerce Cloud (Mediaconversion Extension)", "version": {"version_data": [{"version_name": "<", "version_value": "6.4"}, {"version_name": "<", "version_value": "6.5"}, {"version_name": "<", "version_value": "6.6"}, {"version_name": "<", "version_value": "6.7"}, {"version_name": "<", "version_value": "1808"}, {"version_name": "<", "version_value": "1811"}, {"version_name": "<", "version_value": "1905"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Code Injection"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"}, {"name": "https://launchpad.support.sap.com/#/notes/2786035", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2786035"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:44:16.564Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2786035"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2019-0343", "datePublished": "2019-08-14T13:53:05", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:44:16.564Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:commerce_cloud:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "6E1C7951-7EDB-4BFC-ABF2-906778CD058F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:commerce_cloud:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "B9D2F233-16BB-4E4F-8FA3-FB03A0C198E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB45CC6E-1837-4B0A-9F78-730161506D6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F32D694A-18E7-40E3-8EE0-9A240DED7A34", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*", "matchCriteriaId": "5649AB0A-1D84-4716-A178-F196A1DA9C1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*", "matchCriteriaId": "A9DE60D1-95FF-4220-AE63-2C351781FDA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*", "matchCriteriaId": "19E11B22-F514-48D6-B78F-8A64CE1BA364", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application."}, {"lang": "es", "value": "SAP Commerce Cloud (Mediaconversion Extension), versiones 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, permite a un usuario autenticado de Backoffice/HMC inyectar c\u00f3digo que puede ser ejecutado por la aplicaci\u00f3n, conllevando a la Inyecci\u00f3n de C\u00f3digo. De este modo, un atacante podr\u00eda controlar el comportamiento de la aplicaci\u00f3n."}], "id": "CVE-2019-0343", "lastModified": "2019-08-23T16:46:00.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-14T14:15:16.403", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2786035"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}