GCVE - cpe:2.3:a:sap:commerce_cloud:6.5:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sap:commerce_cloud:6.5:*:*:*:*:*:*:*

part: a version: 6.5 update: *

Vendor	Sap (`dd5aa0c0-20b0-5c86-a937-aa29f1a33b77`)
Product	Commerce Cloud (`dcc962b4-c597-5003-9bf3-300d7e2969e9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-0344`	vulnerable	2026-06-03 14:39:19.146525	Details available Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection. Published: 2019-08-14T13:53:21.000Z Updated: 2025-10-21T23:45:32.174Z Open on db.gcve.eu Reference links https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 https://launchpad.support.sap.com/#/notes/2786035	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-0343`	vulnerable	2026-06-03 14:39:19.143597	Details available SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. Published: 2019-08-14T13:53:05.000Z Updated: 2024-08-04T17:44:16.564Z Open on db.gcve.eu Reference links https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 https://launchpad.support.sap.com/#/notes/2786035	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-0322`	vulnerable	2026-06-03 14:39:19.108560	Details available SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Published: 2019-07-10T19:00:32.000Z Updated: 2024-08-04T17:44:16.479Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/109076 https://launchpad.support.sap.com/#/notes/2781873 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.