
{
"id": "CVE-2019-0308",
"sourceIdentifier": "cna@sap.com",
"published": "2019-06-12T15:29:00.427",
"lastModified": "2024-11-21T04:16:39.850",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of a product to zero and complete checkout by injecting HTML code into the application; the injected code is executed whenever the victim logs in to the application, even on a different machine, leading to Code Injection."
},
{
"lang": "es",
"value": "Un atacante autenticado en SAP E-Commerce (Business-to-Consumer application), versiones 7.3, 7.31, 7.32, 7.33, 7.54, puede cambiar el precio del producto a cero y adem\u00e1s completar la compra inyectando c\u00f3digo HTML en la aplicaci\u00f3n, que ser\u00e1 ejecutado cada vez que la v\u00edctima inicie sesi\u00f3n en la aplicaci\u00f3n, incluso en una m\u00e1quina diferente, lo que conlleva una inyecci\u00f3n de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"baseScore": 3.5,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:e-commerce:7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "AE94DFE3-E312-488B-918E-1CEB70C0BD69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:e-commerce:7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE05D58-D4D8-49AA-951A-DF226EA70ADD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:e-commerce:7.32:*:*:*:*:*:*:*",
"matchCriteriaId": "A24300CE-8C2E-446A-BF40-712C38DDE0F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:e-commerce:7.33:*:*:*:*:*:*:*",
"matchCriteriaId": "729FFC5E-4A45-4B9A-A4B0-A9CAEFBD2BF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:e-commerce:7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "2E3A8F76-F6EA-47DC-A08B-645CC044A917"
}
]
}
]
}
],
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/2773493",
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://launchpad.support.sap.com/#/notes/2773493",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
]
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}