CVE-2021-21465

CWE-89SQL Injection3 documents3 sources
Severity
9.9CRITICAL
EPSS
1.4%
top 19.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business WarehouseSAP Business Warehouse
Timeline
PublishedJan 12
Latest updateMay 24

Description

The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

CVEListV5sap_se/sap_business_warehouse< 710+11
NVDsap/business_warehouse12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-8424-8x2w-j5fr: The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database2022-05-24
CVEList
CVE-2021-21465: The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database2021-01-12
CVE-2021-21465 (CRITICAL CVSS 9.9) | The BW Database Interface allows an | cvebase.io