VYPR
Unrated severityNVD Advisory· Published Jun 12, 2019· Updated Aug 4, 2024

CVE-2019-0308

CVE-2019-0308

Description

An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection.

Affected products

2
  • Range: 7.3, 7.31, 7.32, 7.33, 7.54
  • SAP SE/SAP E-Commerce (Business-to-Consumer application)v5
    Range: < 7.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.