CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-21477

SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 77.3%

CVSS Severity

CVSS v3 Score 9.9

CVSS v2 Score 9.0

References

https://launchpad.support.sap.com/#/notes/3014121
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543
https://launchpad.support.sap.com/#/notes/3014121
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

Products affected by CVE-2021-21477

Sap » Commerce » Version: 1808

cpe:2.3:a:sap:commerce:1808
Sap » Commerce » Version: 1811

cpe:2.3:a:sap:commerce:1811
Sap » Commerce » Version: 1905

cpe:2.3:a:sap:commerce:1905
Sap » Commerce » Version: 2005

cpe:2.3:a:sap:commerce:2005
Sap » Commerce » Version: 2011

cpe:2.3:a:sap:commerce:2011

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21477

Products

Pricing

Contact Us