{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162232?format=json","vulnerability_id":"VCID-grnd-wb8b-nfdx","summary":"Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.","aliases":[{"alias":"CVE-2019-0344"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0344","reference_id":"","reference_type":"","scores":[{"value":"0.40202","scoring_system":"epss","scoring_elements":"0.97437","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0344"},{"reference_url":"https://launchpad.support.sap.com/#/notes/2786035","reference_id":"2786035","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-10-04T13:32:40Z/"}],"url":"https://launchpad.support.sap.com/#/notes/2786035"},{"reference_url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017","reference_id":"viewpage.action?pageId=523998017","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-10-04T13:32:40Z/"}],"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017"}],"weaknesses":[],"exploits":[{"date_added":"2024-09-30","description":"SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection.","required_action":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","due_date":"2024-10-21","notes":"https://web.archive.org/web/20191214053020/https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 ; https://nvd.nist.gov/vuln/detail/CVE-2019-0344","known_ransomware_campaign_use":false,"source_date_published":null,"exploit_type":null,"platform":null,"source_date_updated":null,"data_source":"KEV","source_url":null}],"severity_range_score":"9.8 - 9.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-grnd-wb8b-nfdx"}