CVE-2021-33678Eval Injection in SE SAP Netweaver AS Abap

CWE-95Eval InjectionCWE-94Code Injection3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
2.2%
top 15.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver AS AbapSAP Netweaver Application Server Abap
Timeline
PublishedJul 14
Latest updateMay 24

Description

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5sap_se/sap_netweaver_as_abap< 700+16
NVDsap/netweaver_application17 versions+16

🔴Vulnerability Details

2
GHSA
GHSA-85h8-fmxx-x269: A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B2022-05-24
CVEList
CVE-2021-33678: A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B2021-07-14
CVE-2021-33678 — Eval Injection | cvebase