CVE-2019-0308 — MEDIUM (6.8)

Vulnerability Description

An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	E-Commerce	7.30

Related Weaknesses (CWE)

CWE-79

References

https://launchpad.support.sap.com/#/notes/2773493Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242Vendor Advisory
https://launchpad.support.sap.com/#/notes/2773493Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242Vendor Advisory

FAQ

What is CVE-2019-0308?

CVE-2019-0308 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTM...

How severe is CVE-2019-0308?

CVE-2019-0308 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-0308?

Check the references section above for vendor advisories and patch information. Affected products include: Sap E-Commerce.