CVE-2019-0344
Published: September 30, 2024
Official Description
SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection.
CISA KEV Advisory
SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Risk Analysis
A deserialization of untrusted data vulnerability in the mediaconversion and virtualjdbc extensions of SAP Commerce Cloud (formerly Hybris) allows for code injection. With an EPSS score of 0.40616 and inclusion in CISA's KEV, this vulnerability is actively exploited and poses a critical risk of remote code execution.
This vulnerability is actively exploited in the wild and is listed in CISA's KEV. It is remotely exploitable, likely through specially crafted input to the affected extensions.
Apply the latest security patches and updates for SAP Commerce Cloud, specifically those addressing the mediaconversion and virtualjdbc extensions. Implement strict input validation and secure deserialization practices (for example, only deserializing classes that the consuming code explicitly expects).
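As an added illustration of the secure-deserialization practice recommended above (example code, not SAP's or this page's own), the Java serialization filter below allowlists the only classes a consumer expects and rejects everything else; the class names and sample payloads are assumptions chosen for the demo, not SAP Commerce Cloud internals.

```java
import java.io.*;
import java.util.*;

public class DeserializationFilterDemo {
    // Allowlist filter (JEP 290, JDK 9+ / 8u121+): only these classes may be
    // deserialized; the trailing "!*" rejects every other class in the stream.
    // java.lang.Number is listed because it is Integer's serializable superclass.
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
        "java.util.ArrayList;java.lang.String;java.lang.Integer;java.lang.Number;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Unfiltered reader: instantiates whatever class the stream names (the unsafe pattern).
    static Object deserializeUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Filtered reader: the filter runs before any class from the stream is resolved.
    static Object deserializeFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ALLOWLIST);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: an expected payload and one carrying a class
        // the consumer never asked for (HashMap stands in for any unexpected type).
        List<Object> expected = new ArrayList<>(List.of("thumbnail", 640));
        Map<String, String> unexpected = new HashMap<>(Map.of("k", "v"));

        System.out.println("filtered, expected payload: " + deserializeFiltered(serialize(expected)));
        System.out.println("unfiltered, unexpected payload: " + deserializeUnfiltered(serialize(unexpected)));
        try {
            deserializeFiltered(serialize(unexpected));
        } catch (InvalidClassException e) {
            System.out.println("filtered, unexpected payload rejected: " + e.getMessage());
        }
    }
}
```

The same pattern string can be applied process-wide with the `jdk.serialFilter` system property, which covers deserialization paths that application code does not control directly.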
Technical Analysis
CVE-2019-0344 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CISA has added CVE-2019-0344 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2019-0344 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts
- CISA KEV: Federal agencies must patch per BOD 22-01 timeline
- Active exploitation confirmed — treat as P1