Live Breaking News & Updates on Patch critical flaw

Stay informed with the latest breaking news from Patch critical flaw on our comprehensive webpage. Get up-to-the-minute updates on local events, politics, business, entertainment, and more. Our dedicated team of journalists delivers timely and reliable news, ensuring you're always in the know. Discover firsthand accounts, expert analysis, and exclusive interviews, all in one convenient destination. Don't miss a beat — visit our webpage for real-time breaking news in Patch critical flaw and stay connected to the pulse of your community

SAP Commerce Product Has Vulnerability

BankInfoSecurity
Compliance
March 29, 2021
March 31, 2021
Compliance
@prajeetspeaks) •
February 12, 2021
Get Permission
SAP has issued a patch and remediation advice for a critical remote code execution vulnerability in its SAP Commerce product that could, if exploited, disrupt the entire system.
SAP Commerce organizes data, such as product information, to be propagated across communication channels.
"Due to a misconfiguration of the default user permissions that are shipped with SAP Commerce, several lower-privileged users and user groups gain permissions to change DroolsRule ruleContents and thus gain unintended access to these scripting facilities," says Thomas Fritsch of Onapsis Research Labs.
This vulnerability could enable unauthorized users to inject malicious code into these scripts, resulting in a strong negative impact on the application’s confidentiality, integrity and availability, he adds.

Thomas-fritsch , Adviceprajeet-nair , Onapsis-research-labs , Application-security , Fraud-management , Fraud-risk , Product-has-vulnerabilitycompany-issues-patch , Remediation-adviceprajeet-nair , Product-has , Brand-impersonation , Onapsis-research , Researchers-identify