← volver
CVE-2021-21473

CVE-2021-21473

CVSS 6.3 MEDIUMEPSS 1.2%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.3EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 jun 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Productos afectados
SAP SE · SAP NetWeaver AS ABAP and ABAP Platform (SRM_RFC_SUBMIT_REPORT)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.htmlhttp://seclists.org/fulldisclosure/2022/May/42https://launchpad.support.sap.com/#/notes/3002517https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999