Vulnerabilities > CVE-2021-21473 - Missing Authorization vulnerability in SAP Netweaver Application Server Abap
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
- http://seclists.org/fulldisclosure/2022/May/42
- http://seclists.org/fulldisclosure/2022/May/42
- https://launchpad.support.sap.com/#/notes/3002517
- https://launchpad.support.sap.com/#/notes/3002517
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999