Remote Code Execution Vulnerability in SAP Commerce Cloud
CVE-2021-21477

9.9CRITICAL

Key Information:

Vendor: SAP
Status: SAP Commerce
Vendor: CVE Published:; 9 February 2021

Summary

An authentication vulnerability exists in SAP Commerce Cloud, allowing privileged users to edit drools rules. An attacker could exploit this to inject and execute malicious code, potentially compromising the application environment's confidentiality, integrity, and availability. This highlights a significant risk for organizations using affected versions of SAP Commerce Cloud, urging them to implement necessary security measures and updates.

Affected Version(s)

SAP Commerce < 1808 < 1808

SAP Commerce < 1811 < 1811

SAP Commerce < 1905 < 1905

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3014121

x_refsource_MISC

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 9, 2021
Vulnerability Reserved
Dec 30, 2020