CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-42064

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the parameterized "in" clause accepts more than 1000 values.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 6.8

References

https://launchpad.support.sap.com/#/notes/3114134
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
https://launchpad.support.sap.com/#/notes/3114134
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021

Products affected by CVE-2021-42064

Sap » Commerce » Version: 1905

cpe:2.3:a:sap:commerce:1905
Sap » Commerce » Version: 2005

cpe:2.3:a:sap:commerce:2005
Sap » Commerce » Version: 2011

cpe:2.3:a:sap:commerce:2011
Sap » Commerce » Version: 2105

cpe:2.3:a:sap:commerce:2105

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-42064

Products

Pricing

Contact Us