Code Injection Vulnerability in SAP Commerce Cloud (Mediaconversion Extension)

Code Injection Vulnerability in SAP Commerce Cloud (Mediaconversion Extension)

CVE-2019-0343 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application.

Learn more about our Cis Benchmark Audit For Microsoft Office.