PT-2019-11226 · Sap · Sap Commerce
Publicado
2019-06-12
·
Atualizado
2021-07-21
·
CVE-2019-0308
CVSS v3.1
6.8
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
SAP E-Commerce (Business-to-Consumer application) versions 7.3, 7.31, 7.32, 7.33, 7.54
Description:
The issue allows an authenticated attacker to inject HTML code into the application, which will be executed when the victim logs in, potentially on a different machine. This can lead to code injection, enabling the attacker to change the price of a product to zero and complete checkout.
Recommendations:
For SAP E-Commerce (Business-to-Consumer application) versions 7.3, 7.31, 7.32, 7.33, 7.54, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sap Commerce