PT-2019-4194 · Sap · Sap Commerce Cloud

Published: 2019-08-13 · Updated: 2025-10-31 · CVE-2019-0344

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud versions 6.4 through 6.7, 1808, 1811, 1905

Description: The issue is caused by unsafe deserialization in the virtualjdbc extension of SAP Commerce Cloud, which allows a remote attacker to execute arbitrary code on the target machine with the rights of the 'Hybris' user, resulting in Code Injection. The vulnerability is associated with errors in code generation management.

Recommendations: For versions 6.4 through 6.7, 1808, 1811, 1905, update to a version that includes the fix for the unsafe deserialization vulnerability in the virtualjdbc extension. As a temporary workaround, consider disabling the virtualjdbc extension until a patch is available. Restrict access to the virtualjdbc module to minimize the risk of exploitation.

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Code Injection

Related Identifiers

BDU:2019-04790
CVE-2019-0344

Affected Products

Sap Commerce Cloud