Versio.io

CVE-2021-21466

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 12-01-2021 04:15
Last modified: - 19-05-2022 08:15
Total changes: - 8

Description

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby lead to a Denial of Service.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
8.8
Base score
2.8
5.9
Exploitability score
Impact score
 

Verification logic

OR
vendor=sap AND product=bw\/4hana AND version=200
vendor=sap AND product=bw\/4hana AND version=100
vendor=sap AND product=business_warehouse AND version=701
vendor=sap AND product=business_warehouse AND version=702
vendor=sap AND product=business_warehouse AND version=731
vendor=sap AND product=business_warehouse AND version=740
vendor=sap AND product=business_warehouse AND version=750
vendor=sap AND product=business_warehouse AND version=782
vendor=sap AND product=business_warehouse AND version=700
vendor=sap AND product=business_warehouse AND version=730
vendor=sap AND product=business_warehouse AND version=711
 

Reference

 


Keywords

NVD

 

CVE-2021-21466

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.