Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
思爱普 SAP Commerce Cloud 代码注入漏洞
Vulnerability Description
SAP Commerce Cloud是德国思爱普(SAP)公司的一套基于云的电子商务平台。该产支持销售管理、营销管理、订单管理和运营管理等。 SAP Commerce Cloud 中存在代码注入漏洞,该漏洞源于允许某些具有所需权限的用户编辑drools规则,具有此权限的经过身份验证的攻击者将能够在drools规则中注入恶意代码,执行该规则时会导致远程代码执行漏洞,使攻击者能够危害基础主机,从而损害应用程序的机密性、完整性和可用性。以下产品及型号受到影响:SAP Commerce Cloud 1808, S
CVSS Information
N/A
Vulnerability Type
N/A