Product
SAP Commerce Cloud is vulnerable to unauthenticated malicious configuration upload and code injection due to improper Spring Security configuration, resulting in arbitrary server-side code execution.