{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T15:16:59.978","vulnerabilities":[{"cve":{"id":"CVE-2019-0308","sourceIdentifier":"cna@sap.com","published":"2019-06-12T15:29:00.427","lastModified":"2024-11-21T04:16:39.850","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection."},{"lang":"es","value":"Un atacante identificado en SAP E-Commerce (Business-to-Consumer application) versiones 7.3, 7.31, 7.32, 7.33, 7.54 pueden cambiar el precio del producto a cero y además pagar inyectando un código HTML en la aplicación que será ejecutada en cualquier lugar que está la víctima se conecte en la aplicación o incluso en una máquina diferente, lo que conlleva a un código de inyección"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:e-commerce:7.30:*:*:*:*:*:*:*","matchCriteriaId":"AE94DFE3-E312-488B-918E-1CEB70C0BD69"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:e-commerce:7.31:*:*:*:*:*:*:*","matchCriteriaId":"ACE05D58-D4D8-49AA-951A-DF226EA70ADD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:e-commerce:7.32:*:*:*:*:*:*:*","matchCriteriaId":"A24300CE-8C2E-446A-BF40-712C38DDE0F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:e-commerce:7.33:*:*:*:*:*:*:*","matchCriteriaId":"729FFC5E-4A45-4B9A-A4B0-A9CAEFBD2BF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:e-commerce:7.54:*:*:*:*:*:*:*","matchCriteriaId":"2E3A8F76-F6EA-47DC-A08B-645CC044A917"}]}]}],"references":[{"url":"https://launchpad.support.sap.com/#/notes/2773493","source":"cna@sap.com","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/2773493","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}