CVE-2019-0308

{"id": "CVE-2019-0308", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2019-06-12T15:29:00.427", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2773493", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection."}, {"lang": "es", "value": "Un atacante identificado en SAP E-Commerce (Business-to-Consumer application) versiones 7.3, 7.31, 7.32, 7.33, 7.54 pueden cambiar el precio del producto a cero y adem\u00e1s pagar inyectando un c\u00f3digo HTML en la aplicaci\u00f3n que ser\u00e1 ejecutada en cualquier lugar que est\u00e1 la v\u00edctima se conecte en la aplicaci\u00f3n o incluso en una m\u00e1quina diferente, lo que conlleva a un c\u00f3digo de inyecci\u00f3n"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:e-commerce:7.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE94DFE3-E312-488B-918E-1CEB70C0BD69"}, {"criteria": "cpe:2.3:a:sap:e-commerce:7.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACE05D58-D4D8-49AA-951A-DF226EA70ADD"}, {"criteria": "cpe:2.3:a:sap:e-commerce:7.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A24300CE-8C2E-446A-BF40-712C38DDE0F7"}, {"criteria": "cpe:2.3:a:sap:e-commerce:7.33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "729FFC5E-4A45-4B9A-A4B0-A9CAEFBD2BF0"}, {"criteria": "cpe:2.3:a:sap:e-commerce:7.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E3A8F76-F6EA-47DC-A08B-645CC044A917"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}