
CVE-2021-21477

Severity: CRITICAL
CVSS Severity Score: 9.9
EPSS Score: 0.1670%
EPSS Percentile: 29.19th
Published: February 9, 2021
Last Modified: November 21, 2024

Vulnerability Description

SAP Commerce Cloud, versions 1808, 1811, 1905, 2005 and 2011, allows certain users with the required privileges to edit Drools rules. An authenticated attacker with this privilege can inject malicious code into the Drools rules which, when executed, leads to remote code execution, enabling the attacker to compromise the underlying host and impair the confidentiality, integrity and availability of the application.

Affected Platforms (CPE)

Sap Commerce = 1808
Sap Commerce = 1811
Sap Commerce = 1905
Sap Commerce = 2005
Sap Commerce = 2011

References & Advisories
