Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
578
VMScore

CVE-2021-27602

Published: 13/04/2021 Updated: 21/04/2021
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Sap

Vulnerability Summary

SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the source rules and perform remote code execution enabling them to compromise the confidentiality, integrity and availability of the application.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

Recent Articles

Microsoft emits more fixes for Exchange Server plus patches for remote-code exec holes in HTTP stack, Visual Studio
The Register • Thomas Claburn in San Francisco • 11 May 2021

Plus: Grab your updates for Adobe, SAP, Android, Intel

Patch Tuesday Microsoft's May Patch Tuesday brought a lighter-than-usual load of 55 fixes for 32 of the Windows giant's applications and services, which is about half what was served up in April. The Redmond-based firm's Office and Windows flagships house many of the identified vulnerabilities, alongside Internet Explorer, Visual Studio, Visual Studio Code, Skype, and other software. Among the 55 CVEs identified by Microsoft, four are rated critical, 50 are rated important, and one is rated mode...

Read more...
NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches
The Register • Thomas Claburn in San Francisco • 13 Apr 2021

100+ fixes for the Windows world – plus holes in SAP, Adobe, FreeBSD, etc SAP: It takes exploit devs about 72 hours to turn one of our security patches into a weapon against customers

Patch Tuesday April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA). Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploited. Nin...

Read more...

References

CWE-94https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649https://launchpad.support.sap.com/#/notes/3040210https://nvd.nist.govhttps://www.theregister.co.uk/2021/04/13/patch_tuesday_april/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook