RCE in Sap Cloud_connector
CVE-2019-0247
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.013 (66.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Sap Cloud_connector
- Sap Se Cloud Connector — versions < 2.11.3
Weakness classification (CWE)
References
- cna@sap.com (Permissions Required, x_refsource_MISC, Vendor Advisory)
- cna@sap.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2019-0247?
- CVE-2019-0247 is a critical-severity vulnerability in Sap Cloud_connector, classified under Code Injection. CVSS score: 9.8/10. Published 2019-01-08.
- How severe is CVE-2019-0247?
- Critical severity. CVSS v3 base score is 9.8 out of 10.