CVE-2021-21477

Published: 09/02/2021 Updated: 16/02/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

SAP Commerce Cloud, versions 1808, 1811, 1905, 2005 and 2011, allows certain users with the required privileges to edit Drools rules. An authenticated attacker with this privilege can inject malicious code into the Drools rules which, when executed, leads to remote code execution. This enables the attacker to compromise the underlying host and impair the confidentiality, integrity and availability of the application.

Vulnerable Product

sap commerce 1808

sap commerce 1811

sap commerce 1905

sap commerce 2005

sap commerce 2011

Recent Articles

Microsoft Patch Tuesday gaffe leads netizens to 'Microosft' typo-squatting domain
The Register • Thomas Claburn in San Francisco • 09 Feb 2021

That aside, enjoy the light load of 56 vulns in Windows and other code Rubbish software security patches responsible for a quarter of zero-days last year

Patch Tuesday For its February Patch Day, Microsoft released security advisories covering 56 CVE-assigned vulnerabilities, 11 of them rated critical. In doing so, the Windows giant managed to publish a misspelled URL on the landing page for its February updates that instead of taking visitors to the intended Microsoft Security Response Center post about API changes, pointed to msrc-blog.microosft.com, which turns out to be a typo-bait domain. It redirects visitors to a findanswersnow.net search ...