CVE-2019-0308
CVE-2019-0308 is a vulnerability of currently unknown severity. An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of a product to zero and check out by injecting HTML code into the application, which is executed whenever the victim logs in to the application, even on a different machine, leading to Code Injection. EPSS estimates a 0.86% chance of exploitation in the next 30 days.
Description
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of a product to zero and check out by injecting HTML code into the application, which is executed whenever the victim logs in to the application, even on a different machine, leading to Code Injection.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | E-Commerce | 7.30 |
| SAP | E-Commerce | 7.31 |
| SAP | E-Commerce | 7.32 |
| SAP | E-Commerce | 7.33 |
| SAP | E-Commerce | 7.54 |
References
- https://launchpad.support.sap.com/#/notes/2773493 (Permissions Required, Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
