SAP Commerce Product Has Vulnerability : vimarsana.com

SAP Commerce Product Has Vulnerability

BankInfoSecurity
Compliance
March 29, 2021
March 31, 2021
Compliance
@prajeetspeaks) •
February 12, 2021
Get Permission
SAP has issued a patch and remediation advice for a critical remote code execution vulnerability in its SAP Commerce product that could, if exploited, disrupt the entire system.
SAP Commerce organizes data, such as product information, to be propagated across communication channels.
"Due to a misconfiguration of the default user permissions that are shipped with SAP Commerce, several lower-privileged users and user groups gain permissions to change DroolsRule ruleContents and thus gain unintended access to these scripting facilities," says Thomas Fritsch of Onapsis Research Labs.
This vulnerability could enable unauthorized users to inject malicious code into these scripts, resulting in a strong negative impact on the application’s confidentiality, integrity and availability, he adds.

Related Keywords

Thomas Fritsch , Adviceprajeet Nair , Onapsis Research Labs , Application Security , Fraud Management , Fraud Risk , Product Has Vulnerabilitycompany Issues Patch , Remediation Adviceprajeet Nair , Product Has , Brand Impersonation , Onapsis Research , Researchers Identify , Weaver Application Server , Users Urged , Patch Critical Flaw , Server Enterprise , Researchers Disclose , Sap , Drools , Rce , Remote Code Execution , Sap Commerce Product , தாமஸ் ஃப்ரிச் , விண்ணப்பம் பாதுகாப்பு , மோசடி மேலாண்மை , மோசடி ஆபத்து , ப்ராடக்ட் உள்ளது , ஆராய்ச்சியாளர்கள் அடையாளம் , நெசவாளர் விண்ணப்பம் சேவையகம் , சேவையகம் நிறுவன , சப் , ர்சே , தொலைநிலை குறியீடு மரணதண்டனை , சப் வர்த்தகம் ப்ராடக்ட் ,