RCE in Sap Cloud_connector

CVE-2019-0247

SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.013 (66.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

  • cna@sap.com (Permissions Required, x_refsource_MISC, Vendor Advisory)
  • cna@sap.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2019-0247?
CVE-2019-0247 is a critical-severity vulnerability in Sap Cloud_connector, classified under Code Injection. CVSS score: 9.8/10. Published 2019-01-08.
How severe is CVE-2019-0247?
Critical severity. CVSS v3 base score is 9.8 out of 10.