Unrated severityNVD Advisory· Published Jun 12, 2019· Updated Aug 4, 2024
CVE-2019-0308
CVE-2019-0308
Description
An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection.
Affected products
2- Range: 7.3, 7.31, 7.32, 7.33, 7.54
- SAP SE/SAP E-Commerce (Business-to-Consumer application)v5Range: < 7.3
Patches
Vulnerability mechanics
References
2- launchpad.support.sap.commitrex_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.