CVE-2021-38176

CVSS 9.9 CRITICALEPSS 1.2%

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.9EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 sep 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Productos afectados

SAP SE · SAP Landscape Transformation SAP SE · SAP LT Replication Server SAP SE · SAP LTRS for S/4HANA SAP SE · SAP S/4HANA SAP SE · SAP Test Data Migration Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://launchpad.support.sap.com/#/notes/3089831 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405