CVE-2021-27611
8.2
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver AS ABAP | < 700 | affected |
| SAP SE | SAP NetWeaver AS ABAP | < 701 | affected |
| SAP SE | SAP NetWeaver AS ABAP | < 702 | affected |
| SAP SE | SAP NetWeaver AS ABAP | < 730 | affected |
| SAP SE | SAP NetWeaver AS ABAP | < 731 | affected |
Weaknesses
- Code Injection
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655
- https://launchpad.support.sap.com/#/notes/3046610
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655
- https://launchpad.support.sap.com/#/notes/3046610
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.