Skip links
RedRays - Your SAP Security Solution
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

SAP Security on Udemy

CVE-2019-0308 Code Injection vulnerability in SAP E-Commerce (Business-to-Consumer) Application, SAP security note 2773493

Description

SAP E-Commerce (Business-to-Consumer) application allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Some well-known impacts of Code Injection vulnerability are

  • Unauthorized execution of commands
  • Sensitive information disclosure
  • Denial of Service

Available fix and Supported packages

  • SAP-CRMJAV | 731 | 731
  • SAP-CRMJAV | 730 | 730
  • SAP-CRMJAV | 732 | 732
  • SAP-CRMJAV | 733 | 733
  • SAP-CRMJAV | 754 | 754
  • SAP-CRMWEB | 731 | 731
  • SAP-CRMWEB | 730 | 730
  • SAP-CRMWEB | 732 | 732
  • SAP-CRMWEB | 733 | 733
  • SAP-CRMWEB | 754 | 754
  • SAP-SHRWEB | 731 | 731
  • SAP-SHRWEB | 730 | 730
  • SAP-SHRWEB | 732 | 732
  • SAP-SHRWEB | 733 | 733
  • SAP-SHRWEB | 754 | 754
  • SAP-SHRJAV | 731 | 731
  • SAP-SHRJAV | 730 | 730
  • SAP-SHRJAV | 732 | 732
  • SAP-SHRJAV | 733 | 733
  • SAP-SHRJAV | 754 | 754
  • CRM JAVA APPLICATIONS 7.30 | SP012 | 000210
  • CRM JAVA APPLICATIONS 7.31 | SP009 | 000216
  • CRM JAVA APPLICATIONS 7.32 | SP004 | 000215
  • CRM JAVA APPLICATIONS 7.33 | SP000 | 000180
  • CRM JAVA APPLICATIONS 7.54 | SP001 | 000084
  • CRM JAVA COMPONENTS 7.30 | SP012 | 000210
  • CRM JAVA COMPONENTS 7.31 | SP009 | 000216
  • CRM JAVA COMPONENTS 7.32 | SP004 | 000215
  • CRM JAVA COMPONENTS 7.33 | SP000 | 000180
  • CRM JAVA COMPONENTS 7.54 | SP001 | 000084
  • CRM JAVA WEB COMPONENTS 7.30 | SP012 | 000210
  • CRM JAVA WEB COMPONENTS 7.31 | SP009 | 000216
  • CRM JAVA WEB COMPONENTS 7.32 | SP004 | 000215
  • CRM JAVA WEB COMPONENTS 7.33 | SP000 | 000180
  • CRM JAVA WEB COMPONENTS 7.54 | SP001 | 000084
  • SAP SHARED JAVA APPLIC. 7.30 | SP012 | 000210
  • SAP SHARED JAVA APPLIC. 7.31 | SP009 | 000216
  • SAP SHARED JAVA APPLIC. 7.32 | SP004 | 000215
  • SAP SHARED JAVA APPLIC. 7.33 | SP000 | 000180
  • SAP SHARED JAVA APPLIC. 7.54 | SP001 | 000084

Affected component

    CRM-ISA-BCS
    Business-to-Consumer Sales

CVSS

Score: 6.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2773493

TAGS

#Command-Injection
#OS-command-injection
#&160-CVE-2019-0308

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. 

JOIN