Description: SAP NetWeaver AS ABAP and ABAP Platform, versions – 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.
CVE-2021-21473
Published Date: 2021-06-09T14:15Z
Last Modified: 2022-10-05T14:16Z
CVSS Score: 6.3 (MEDIUM)
EPSS Score: 1.24%
Risk Score: 4.41 (MEDIUM)
Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.
CVSS:
6.3 |
EPSS:
1.24%
Mitre ATT&CK Technical v15.1
T1053.002 – At
Technical Analysis & Mitigation Measures
Reference Links
https://launchpad.support.sap.com/#/notes/3002517
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999
http://seclists.org/fulldisclosure/2022/May/42
http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
Vendor - Produce - Version
netweaver_application_server_abap - sap, netweaver_application_server_abap - sap, netweaver_application_server_abap - sap, netweaver_application_server_abap - sap, netweaver_application_server_abap - sap, netweaver_application_server_abap - sap, netweaver_application_server_abap - sap, netweaver_application_server_abap - sap, netweaver_application_server_abap - sap, netweaver_application_server_abap - sap, netweaver_application_server_abap - sap, netweaver_application_server_abap - sap, netweaver_application_server_abap - sap
Disclaimer
The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.