Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
SAP Hybris Deserialization RCE - Vulnerability Database

SAP Hybris Deserialization RCE

Description

Virtualjdbc extension of SAP Hybris Commerce Cloud uses unsafe java deserialization and it's vulnerable to deserialization attacks. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system or to perform a denial of service attack.

Remediation

Upgrade to the latest version of SAP Hybris.

References

CVE-2019-0344

Related Vulnerabilities

Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 High
Common tags: Code Execution Denial Of Service Insecure Deserialization Acumonitor
ColdFusion AMF Deserialization RCE High
Common tags: Code Execution Denial Of Service Insecure Deserialization Acumonitor
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) High
Common tags: Code Execution Denial Of Service Insecure Deserialization Acumonitor
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) High
Common tags: Code Execution Denial Of Service Insecure Deserialization Acumonitor
Ruby on Rails DoubleTap RCE (CVE-2019-5420) High
Common tags: Code Execution Insecure Deserialization Acumonitor Known Vulnerabilities

Severity

High

Classification

CVE-2019-0344
CWE-502
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Code Execution
Denial Of Service
Insecure Deserialization
Acumonitor
Known Vulnerabilities