CVE-2021-40499 — Code Injection in SE SAP Netweaver Application Server FOR Abap

CWE-94 — Code Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 28.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap SAP Netweaver Application Server Abap

Timeline

PublishedOct 12

Latest updateMay 24

Description

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap< 7.70+2

▶NVDsap/netweaver_application7.70, 7.70_pi, 7.70byd+2

🔴Vulnerability Details

GHSA

GHSA-fwc2-3ffv-pvfm: Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7↗2022-05-24

▶

CVEList

CVE-2021-40499: Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7↗2021-10-12

▶