If configured to use an Oracle database, and if a query is created using the Flexible Search Java API with a parameterized "in" clause, SAP Commerce versions 1905, 2005, 2105 and 2011 allow an attacker to execute crafted database queries, exposing the backend database. The vulnerability is present if the parameterized "in" clause accepts more than 1000 values.
[
{
"product": "SAP Commerce",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 1905"
},
{
"status": "affected",
"version": "< 2005"
},
{
"status": "affected",
"version": "< 2105"
},
{
"status": "affected",
"version": "< 2011"
}
]
}
]