Commerce Cloud@6.5 Security Vulnerabilities and Issues — Commerce Cloud@6.5 CVE List

Lucene search

SapCommerce Cloud6.5

3 matches found

CVE•added 2019/08/14 2:15 p.m.•289 views

CVE-2019-0344

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.

9.8CVSS9.7AI score0.34064EPSS

CVE•added 2019/07/10 7:15 p.m.•123 views

CVE-2019-0322

SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

7.5CVSS7.4AI score0.00644EPSS

CVE•added 2019/08/14 2:15 p.m.•47 views

CVE-2019-0343

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.

8.8CVSS8.6AI score0.00609EPSS