Remote code execution
In SAP Commerce versions 1808, 1811, 1905, 2005 and 2011, the Backoffice application allows certain authorized users to create source rules, which are translated to Drools rules when published to certain modules within the application. An attacker with this authorization can inject malicious code in the...
CVE-2021-27602
CVE-2021-27602 affects SAP Commerce Backoffice in versions 1808, 1811, 1905, 2005 and 2011. The Backoffice allows certain authorized users to create source rules, which are translated to Drools rules when published to certain modules. The vulnerability arises when an attacker with this authorization...