CVE-2021-21473 Information
Jun 07, 2022
cve
Description
SAP NetWeaver AS ABAP and ABAP Platform versions - 700 702 710 711 730 731 740 750 751 752 753 754 755 contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Reference
https://launchpad.support.sap.com/#/notes/3002517 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 http://seclists.org/fulldisclosure/2022/May/42 http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
LOW
Base Severity
6.3
Share on: