CVE-2021-44231

CWE-94 — Code Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.7%

top 27.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Abap Server & Abap Platform (translation Tools)SAP Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedDec 14

Latest updateDec 15

Description

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDsap/netweaver_application10 versions+9

▶CVEListV5sap_se/sap_abap_server_&_abap_platform_(translation_tools)< 701+9

▶NVDsap/abap_platform10 versions+9

🔴Vulnerability Details

GHSA

GHSA-9fmx-fx6p-rcq8: Internally used text extraction reports allow an attacker to inject code that can be executed by the application↗2021-12-15

▶

CVEList

CVE-2021-44231: Internally used text extraction reports allow an attacker to inject code that can be executed by the application↗2021-12-14

▶