CVE-2019-0247

Опубликовано: 08 янв. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Ссылки

https://launchpad.support.sap.com/#/notes/2696233
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2696233
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:cloud_connector:*:*:*:*:*:*:*:*

Версия до 2.11.3 (исключая)

EPSS

Процентиль: 68%

0.00569

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-xvr6-m6gq-m42f