Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap commerce cloud 1811 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-6201
The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting.
Sap Commerce Cloud 6.6
Sap Commerce Cloud 6.7
Sap Commerce Cloud 1808
Sap Commerce Cloud 1811
Sap Commerce Cloud 1905
6.5
CVSSv2
CVE-2019-0343
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the appl...
Sap Commerce Cloud 6.4
Sap Commerce Cloud 6.5
Sap Commerce Cloud 6.6
Sap Commerce Cloud 6.7
Sap Commerce Cloud 1808
Sap Commerce Cloud 1811
Sap Commerce Cloud 1905
1 Article
7.5
CVSSv2
CVE-2019-0344
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
Sap Commerce Cloud 6.4
Sap Commerce Cloud 6.5
Sap Commerce Cloud 6.6
Sap Commerce Cloud 6.7
Sap Commerce Cloud 1808
Sap Commerce Cloud 1811
Sap Commerce Cloud 1905
1 Article
5
CVSSv2
CVE-2019-0322
SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an malicious user to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Sap Commerce Cloud 6.3
Sap Commerce Cloud 6.4
Sap Commerce Cloud 6.5
Sap Commerce Cloud 6.6
Sap Commerce Cloud 6.7
Sap Commerce Cloud 1808
Sap Commerce Cloud 1811
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2