SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application.

Related CVEs

CVE-2021-21477

Key Information

GHSA ID

GHSA-jg2g-jq85-v7jw

Published

May 24, 2022 5:41 PM

Last Modified

May 24, 2022 5:41 PM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 25, 2025 8:46 PM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.