A critical SAP security flaw could allow the compromise of an application used by e-commerce businesses. The vulnerability (CVE-2021-21477) affects SAP Commerce versions 1808, 1811, 1905, 2005 and 2011. It scores 9.9 out of 10 on the CVSS scale, making it critical in severity. A patch has been issued; however, the fixes only address the default permissions that are set when initializing a new installation of SAP Commerce. Separately, Microsoft addressed nine critical-severity security bugs in its February Patch Tuesday updates.
Source: https://threatpost.com/sap-commerce-critical-security-bug/163822/

