Remote Code Execution Vulnerability in SAP Commerce Cloud
CVE-2021-21477
9.9CRITICAL
What is CVE-2021-21477?
An authentication vulnerability exists in SAP Commerce Cloud, allowing privileged users to edit drools rules. An attacker could exploit this to inject and execute malicious code, potentially compromising the application environment's confidentiality, integrity, and availability. This highlights a significant risk for organizations using affected versions of SAP Commerce Cloud, urging them to implement necessary security measures and updates.
Affected Version(s)
SAP Commerce < 1808 < 1808
SAP Commerce < 1811 < 1811
SAP Commerce < 1905 < 1905