CVE-2021-27610

Summary

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 700affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 701affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 702affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 731affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 740affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 750affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 751affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 752affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 753affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 754affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 755affected
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 804affected

Weaknesses

  • Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References