CVE-2021-40496 Information
Jun 07, 2022
Description
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785 - allows an attacker with logon functionality to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Reference
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983
https://launchpad.support.sap.com/#/notes/3087254
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
4.3
Base Severity
MEDIUM