Unsafe Deserialization Vulnerability in SAP Commerce Cloud (VirtualJDBC Extension) Allows Arbitrary Code Execution

Unsafe Deserialization Vulnerability in SAP Commerce Cloud (VirtualJDBC Extension) Allows Arbitrary Code Execution

CVE-2019-0344 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.

Learn more about our Cloud Audit.