CVE-2021-33678

Summary

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 700affected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 701affected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 702affected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 710affected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 711affected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 730affected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 731affected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 740affected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 750affected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 751affected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 752affected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 75Aaffected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 75Baffected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 75Caffected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 75Daffected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 75Eaffected
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 75Faffected

Weaknesses

  • CWE-95: CWE-95 (Code Injection)

ADP Enrichment

CVE Program Container

Additional References

References