ID CVE-2021-21473
Summary SAP NetWeaver AS ABAP and ABAP Platform, versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contain the function module SRM_RFC_SUBMIT_REPORT, which fails to validate the authorization of an authenticated user, thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.
Vulnerable Configurations
  • cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 05-10-2022 - 14:16)
CWE CWE-862
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
Last major update 05-10-2022 - 14:16
Published 09-06-2021 - 14:15
Last modified 05-10-2022 - 14:16