CVE-2019-0246 Multiple Vulnerabilities in SAP Cloud Connector – January 2019

Preface: Using both private and public clouds in parallel allows company to pick and choose which data and services they want to keep in the private cloud for added security, and which in the public cloud. This is so called a hybrid cloud concept.

Vulnerability found on SAP cloud connector:
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. As a result it might happen unknown malicious action.

Synopsis: Attacker will be exploit Java code through scripting API or dynamic JSP do the injection .

Official announcement shown as below:
SAP Security Patch Day – January 2019 –