CVE-2021-27599 — Sensitive Information Exposure in SE SAP Process Integration

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 53.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Process Integration SAP Netweaver Process Integration

Timeline

PublishedApr 14

Latest updateMay 24

Description

SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDsap/netweaver_process_integration5 versions+4

▶CVEListV5sap_se/sap_process_integration< 7.10+4

🔴Vulnerability Details

GHSA

GHSA-x48c-g5j2-gv88: SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7↗2022-05-24

▶

CVEList

CVE-2021-27599: SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7↗2021-04-14

▶