SAP Commerce Critical Security Bug Allows RCE
SAP has reported that it is aware of a critical vulnerability in its SAP Commerce platform, which provides services for e-commerce businesses. The flaw could allow remote code execution (RCE) that, according to researchers, could compromise or disrupt the application. SAP Commerce’s main offering is organizing data to be dispersed across multiple channels, giving companies a leg up on complex supply chain management issues.
The vulnerability affects SAP Commerce versions 1808, 1811, 1905, 2005, and 2011. It ranks 9.9 out of 10 on the CVSS scale and is categorized as critical in severity. The severity score represents the potential impact on the application if the vulnerability were exploited. In an analysis released Tuesday, Onapsis advised users to mitigate the vulnerability as soon as possible to avoid any further risk.