CVE-2021-21477
Description
SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.
Risk Information
Base Score
9.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.99
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in SAP Commerce 1808 | Windows |
| Multiple Vulnerabilities are affected in SAP Commerce 1811 | Windows |
| Multiple Vulnerabilities are affected in SAP Commerce 1905 | Windows |
| Multiple Vulnerabilities are affected in SAP Commerce 2005 | Windows |
| Multiple Vulnerabilities are affected in SAP Commerce 2011 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234