CVE-2021-21477 is a vulnerability in SAP Commerce
Published on February 9, 2021
SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.
Products Associated with CVE-2021-21477
Want to know whenever a new CVE is published for SAP Commerce? stack.watch will email you.
Affected Versions
SAP SE SAP Commerce:- Version < 1808 is affected.
- Version < 1811 is affected.
- Version < 1905 is affected.
- Version < 2005 is affected.
- Version < 2011 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.