CVE-2021-33678

Sažetak

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
https://launchpad.support.sap.com/#/notes/3048657
http://seclists.org/fulldisclosure/2022/May/42
http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html

CVSS

Base:	7.5
Impact:	7.8
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:C

Zadnje važnije ažuriranje

05-10-2022 - 14:16

Objavljeno

14-07-2021 - 12:15