Search criteria
2 vulnerabilities found for SAP Commerce Cloud (Mediaconversion Extension) by SAP SE
CVE-2019-0343 (GCVE-0-2019-0343)
Vulnerability from nvd – Published: 2019-08-14 13:53 – Updated: 2024-08-04 17:44
VLAI
Summary
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.
Severity
No CVSS data available.
CWE
- Code Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2786035 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Commerce Cloud (Mediaconversion Extension) |
Affected:
< 6.4
Affected: < 6.5 Affected: < 6.6 Affected: < 6.7 Affected: < 1808 Affected: < 1811 Affected: < 1905 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2786035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Commerce Cloud (Mediaconversion Extension)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 6.4"
},
{
"status": "affected",
"version": "\u003c 6.5"
},
{
"status": "affected",
"version": "\u003c 6.6"
},
{
"status": "affected",
"version": "\u003c 6.7"
},
{
"status": "affected",
"version": "\u003c 1808"
},
{
"status": "affected",
"version": "\u003c 1811"
},
{
"status": "affected",
"version": "\u003c 1905"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-14T13:53:05.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2786035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Commerce Cloud (Mediaconversion Extension)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "6.4"
},
{
"version_name": "\u003c",
"version_value": "6.5"
},
{
"version_name": "\u003c",
"version_value": "6.6"
},
{
"version_name": "\u003c",
"version_value": "6.7"
},
{
"version_name": "\u003c",
"version_value": "1808"
},
{
"version_name": "\u003c",
"version_value": "1811"
},
{
"version_name": "\u003c",
"version_value": "1905"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2786035",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2786035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0343",
"datePublished": "2019-08-14T13:53:05.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:16.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0343 (GCVE-0-2019-0343)
Vulnerability from cvelistv5 – Published: 2019-08-14 13:53 – Updated: 2024-08-04 17:44
VLAI
Summary
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.
Severity
No CVSS data available.
CWE
- Code Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2786035 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Commerce Cloud (Mediaconversion Extension) |
Affected:
< 6.4
Affected: < 6.5 Affected: < 6.6 Affected: < 6.7 Affected: < 1808 Affected: < 1811 Affected: < 1905 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2786035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Commerce Cloud (Mediaconversion Extension)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 6.4"
},
{
"status": "affected",
"version": "\u003c 6.5"
},
{
"status": "affected",
"version": "\u003c 6.6"
},
{
"status": "affected",
"version": "\u003c 6.7"
},
{
"status": "affected",
"version": "\u003c 1808"
},
{
"status": "affected",
"version": "\u003c 1811"
},
{
"status": "affected",
"version": "\u003c 1905"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-14T13:53:05.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2786035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Commerce Cloud (Mediaconversion Extension)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "6.4"
},
{
"version_name": "\u003c",
"version_value": "6.5"
},
{
"version_name": "\u003c",
"version_value": "6.6"
},
{
"version_name": "\u003c",
"version_value": "6.7"
},
{
"version_name": "\u003c",
"version_value": "1808"
},
{
"version_name": "\u003c",
"version_value": "1811"
},
{
"version_name": "\u003c",
"version_value": "1905"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2786035",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2786035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0343",
"datePublished": "2019-08-14T13:53:05.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:44:16.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}