CVE-2021-21466

Summary

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby lead to a Denial of Service.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Business Warehouse< 700affected
SAP SESAP Business Warehouse< 701affected
SAP SESAP Business Warehouse< 702affected
SAP SESAP Business Warehouse< 711affected
SAP SESAP Business Warehouse< 730affected
SAP SESAP Business Warehouse< 731affected
SAP SESAP Business Warehouse< 740affected
SAP SESAP Business Warehouse< 750affected
SAP SESAP Business Warehouse< 782affected
SAP SESAP BW/4HANA< 100affected
SAP SESAP BW/4HANA< 200affected

Weaknesses

  • Code Injection

ADP Enrichment

CVE Program Container

Additional References

References