CVE-2021-21466

CWE-94Code Injection3 documents3 sources
Severity
8.8HIGH
EPSS
2.5%
top 14.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
SAP SE SAP Business WarehouseSAP SE SAP Bw/4hanaSAP Business Warehouse+1 more
Timeline
PublishedJan 12
Latest updateMay 24

Description

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby le

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDsap/business_warehouse9 versions+8
CVEListV5sap_se/sap_bw/4hana< 100+1
NVDsap/bw\/4hana100, 200+1

🔴Vulnerability Details

2
GHSA
GHSA-xcp4-49mj-2j86: SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to i2022-05-24
CVEList
CVE-2021-21466: SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to i2021-01-12
CVE-2021-21466 (HIGH CVSS 8.8) | SAP Business Warehouse | cvebase.io