admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-03xx/CVE-2019-0344.json

142 lines
4.4 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2019-0344",
"sourceIdentifier": "cna@sap.com",
"published": "2019-08-14T14:15:16.463",
"lastModified": "2020-08-24T17:37:01.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection."
},
{
"lang": "es",
"value": "Debido a una deserializaci\u00f3n no confiable usada en SAP Commerce Cloud (virtualjdbc extension), versiones 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, es posible ejecutar c\u00f3digo arbitrario en una m\u00e1quina de destino con derechos de usuario 'Hybris', resultando en Inyecci\u00f3n de C\u00f3digo."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:commerce_cloud:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1C7951-7EDB-4BFC-ABF2-906778CD058F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:commerce_cloud:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D2F233-16BB-4E4F-8FA3-FB03A0C198E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB45CC6E-1837-4B0A-9F78-730161506D6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F32D694A-18E7-40E3-8EE0-9A240DED7A34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*",
"matchCriteriaId": "5649AB0A-1D84-4716-A178-F196A1DA9C1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*",
"matchCriteriaId": "A9DE60D1-95FF-4220-AE63-2C351781FDA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*",
"matchCriteriaId": "19E11B22-F514-48D6-B78F-8A64CE1BA364"
}
]
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/2786035",
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue Copy Permalink