Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with ‘Hybris’ user rights, resulting in Code Injection.
CPE | Name | Operator | Version |
---|---|---|---|
commerce_cloud | eq | 6.4 | |
commerce_cloud | eq | 6.5 | |
commerce_cloud | eq | 6.6 | |
commerce_cloud | eq | 6.7 | |
commerce_cloud | eq | 1808 | |
commerce_cloud | eq | 1811 | |
commerce_cloud | eq | 1905 |