CVE-2021-33678
6.5
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 700 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 701 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 702 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 710 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 711 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 730 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 731 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 740 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 750 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 751 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 752 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 75A | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 75B | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 75C | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 75D | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 75E | affected |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 75F | affected |
Weaknesses
- CWE-95: CWE-95 (Code Injection)
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
- https://launchpad.support.sap.com/#/notes/3048657
- http://seclists.org/fulldisclosure/2022/May/42
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
- https://launchpad.support.sap.com/#/notes/3048657
- http://seclists.org/fulldisclosure/2022/May/42
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.