CVE-2021-21473Missing Authorization in SE SAP Netweaver AS Abap AND Abap Platform

CWE-862Missing Authorization3 documents3 sources
Severity
6.3MEDIUMNVD
EPSS
0.5%
top 35.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver AS Abap AND Abap PlatformSAP Netweaver Application Server Abap
Timeline
PublishedJun 9
Latest updateMay 24

Description

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

NVDsap/netweaver_application13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-38gp-jhv5-4hgh: SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_2022-05-24
CVEList
CVE-2021-21473: SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_2021-06-09
CVE-2021-21473 — Missing Authorization | cvebase