9.8
CVSSv3

CVE-2019-0247

Published: 08/01/2019 Updated: 17/01/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SAP Cloud Connector, before version 2.11.3, allows an malicious user to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap cloud connector

Recent Articles

Make a SAP decision: Apply these security fixes if you're using German giant's software
The Register • Richard Chirgwin • 09 Jan 2019

11 patches ship on Patch Tuesday

While you were sighing your way through Microsoft's Patch Tuesday, enterprise vendor SAP slid 11 security advisories under your door. Top of the list is a depressingly familiar howler in SAP Cloud Connector pre-version 2.11.3: the software neglects authentication checks for functions that require user identity (CVE-2019-0246). A related bug in Cloud Connector (the same versions), CVE-2019-0247, can be exploited to achieve remote code injection. The German titan's systems management environment, ...