Security News > 2021 > February > SAP Commerce Critical Security Bug Allows RCE

SAP Commerce Critical Security Bug Allows RCE
2021-02-10 21:32

SAP is warning of a critical vulnerability in its SAP Commerce platform for e-commerce businesses.

Drools is an engine that makes up the rules engine for SAP Commerce.

A patch has been issued; however, Fritsch said, the fixes for the vulnerability only address the default permissions when initializing a new installation of SAP Commerce.

"The good news is that for existing installations, these manual remediation steps can be used as a full workaround for SAP Commerce installations that cannot install the latest patch releases in a timely manner."

The vulnerability update was one of seven security notes released on Tuesday by SAP. The other six releases were updates to previously released Patch Tuesday security notes.

Another critical-severity flaw that was previously released and updated on Tuesday included multiple flaws in SAP Business Warehouse, a data "Warehousing" product based on the SAP NetWeaver ABAP platform, which collects and stores data.


News URL

https://threatpost.com/sap-commerce-critical-security-bug/163822/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
SAP 329 25 680 386 113 1204