CVE-2021-42064 is a vulnerability in SAP Commerce
Published on December 14, 2021

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the parameterized "in" clause accepts more than 1000 values.

NVD

Products Associated with CVE-2021-42064

Want to know whenever a new CVE is published for SAP Commerce? stack.watch will email you.

SAP Commerce

Affected Versions

SAP SE SAP Commerce:

Version < 1905 is affected.
Version < 2005 is affected.
Version < 2105 is affected.
Version < 2011 is affected.

Exploit Probability

EPSS

0.62%

Percentile

69.67%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-42064 is a vulnerability in SAP CommercePublished on December 14, 2021

Products Associated with CVE-2021-42064

Affected Versions

Exploit Probability

CVE-2021-42064 is a vulnerability in SAP Commerce
Published on December 14, 2021