Security Advisory — SAP Commerce Critical Vulnerability


A patch has been released for a new critical vulnerability affecting SAP Commerce platforms.

SAP Commerce — CVE-2021-21477

SAP Commerce is prone to an arbitrary code execution vulnerability.

SAP Commerce Cloud solutions enable you to ease the buying process for your customers with a seamless experience, from search to sales.

A new critical vulnerability has been reported: a remote code execution flaw that allows threat actors to take advantage of the SAP application.

The vulnerability is caused by improper access control to the Drools rules.

An authenticated remote attacker can exploit this vulnerability by sending a specially crafted request.

Impacted SAP Commerce platforms:

The flaw affects SAP Commerce versions:

  • 1808
  • 1811
  • 1905
  • 2005
  • 2011

The severity is rated 9.9 on the CVSS scale.

Successful exploitation can enable an attacker to inject and execute arbitrary code on the system.

Security Recommendations:

A patch for the critical vulnerability has been released, but the fix is only partial, as it addresses the default permissions when initializing a new installation of the platform. Existing installations do not have their permissions corrected automatically by the patch.

In addition, around 400k companies that use this platform are affected.

An independent security audit revealed that 2,500 SAP systems were exposed to the internet and vulnerable to the bug, according to sensorstechforum.


February 13th, 2021 | Security Update

About the Author:

FirstHackersNews- Identifies Security
