
CVE-2021-21477

CVSS Severity Score: 9.9 (CRITICAL)
EPSS Score: 0.1670%
EPSS Percentile: 29.19th
Published: Feb 9, 2021
Last Modified: Nov 21, 2024

Vulnerability Description

SAP Commerce Cloud, versions 1808, 1811, 1905, 2005 and 2011, allows certain users with the required privileges to edit Drools rules. An authenticated attacker with this privilege can inject malicious code into the Drools rules, which, when executed, leads to remote code execution. This enables the attacker to compromise the underlying host and impair the confidentiality, integrity and availability of the application.

Affected Platforms (CPE)

SAP Commerce = 1808
SAP Commerce = 1811
SAP Commerce = 1905
SAP Commerce = 2005
SAP Commerce = 2011
