PT-2019-4195 · Sap · Sap Commerce Cloud

Published 2019-08-13 · Updated 2019-08-23 · CVE-2019-0343

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud (Mediaconversion Extension) versions 6.4 through 6.7, 1808, 1811, 1905
Description: The vulnerability is an improper control of code generation (code injection) in the Mediaconversion component of the SAP Commerce Cloud e-commerce platform. A remote attacker who holds a Backoffice/HMC user account can inject code that the application subsequently executes. Because the injected code runs with the application's own privileges, the attacker can control the application's behavior and potentially gain full control over it. The CVSS vector reflects this: the attack is reachable over the network (AV:N) and requires a single authenticated account (Au:S), but the impact on confidentiality, integrity and availability is complete.
Recommendations: For SAP Commerce Cloud (Mediaconversion Extension) versions 6.4 through 6.7, 1808, 1811, 1905, restrict access to the Mediaconversion component until a fix is applied. As a temporary workaround, reduce the privileges of authenticated Backoffice/HMC users to the minimum they need; since exploitation requires such an account, also review which accounts hold Backoffice/HMC access and remove those that are unused or unnecessary. Avoid using the Mediaconversion Extension for sensitive operations until the issue is resolved. At the time of this entry, no information was available about a release that contains a fix for this vulnerability.

Weakness Enumeration

Code Injection

Related identifiers

BDU:2019-04791
CVE-2019-0343

Affected products

Sap Commerce Cloud