CRITICAL🇬🇧 English

CVE-2019-0247

CVSS 9.8v3.0pub. 2019-01-08upd. 2024-11-21

SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sap Cloud Connector

    APP
    Sap
    < 2.11.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-33695CRITICAL9.1ten sam produkt

Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient ...

CVE-2019-0246CRITICAL9.8ten sam produkt

SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities tha...

CVE-2024-25642HIGH7.4ten sam produkt

Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the g...

CVE-2021-33692HIGH7.5ten sam produkt

SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked ...

CVE-2021-33694MEDIUM4.8ten sam produkt

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker ...