CVE-2021-33678 Information

Jun 07, 2022 cve

Description

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework) versions - 700 701 702 710 711 730 731 740 750 751 752 75A 75B 75B 75C 75D 75E 75F allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 https://launchpad.support.sap.com/#/notes/3048657 http://seclists.org/fulldisclosure/2022/May/42 http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

HIGH

Base Severity

6.5

Share on: