VYPR
Unrated severityNVD Advisory· Published Feb 9, 2021· Updated Aug 3, 2024

CVE-2021-21477

CVE-2021-21477

Description

SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.

Affected products

2
  • Range: = 1808, 1811, 1905, 2005, 2011
  • SAP SE/SAP Commercev5
    Range: < 1808

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.