"Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities"
"Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities"
The US Cybersecurity and Infrastructure Security Agency (CISA) reports that SAP Commerce, Gpac framework, and D-Link DIR-820 routers are being exploited using old vulnerabilities. The oldest flaw, tracked as CVE-2019-0344 with a CVSS score of 9.8, enables attackers to execute arbitrary code on a vulnerable system with Hybris user rights. It is an unsafe deserialization issue in SAP Commerce Cloud's "virtualjdbc" extension. Hybris is a Customer Relationship Management (CRM) tool deeply integrated into the SAP cloud ecosystem.