Vulnerabilities > CVE-2021-33678 - Unspecified vulnerability in SAP Netweaver Application Server Abap
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
NONE Integrity impact
HIGH Availability impact
HIGH Summary
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.
Vulnerable Configurations
References
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
- http://seclists.org/fulldisclosure/2022/May/42
- http://seclists.org/fulldisclosure/2022/May/42
- https://launchpad.support.sap.com/#/notes/3048657
- https://launchpad.support.sap.com/#/notes/3048657
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506