CVE-2021-21465

Summary

The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Business Warehouse< 710affected
SAP SESAP Business Warehouse< 711affected
SAP SESAP Business Warehouse< 730affected
SAP SESAP Business Warehouse< 731affected
SAP SESAP Business Warehouse< 740affected
SAP SESAP Business Warehouse< 750affected
SAP SESAP Business Warehouse< 751affected
SAP SESAP Business Warehouse< 752affected
SAP SESAP Business Warehouse< 753affected
SAP SESAP Business Warehouse< 754affected
SAP SESAP Business Warehouse< 755affected
SAP SESAP Business Warehouse< 782affected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References