VDB

CVE-2021-21466

CVE-2021-21466 PUBLISHED CVSS 9.899999618530273 CRITICAL

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby lead to a Denial of Service.

EPSS 0.70% · 72.4th percentile

Risk Scores

CVSS 3.0
9.899999618530273
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.70%
72.4th percentile

Affected Products

VendorProductVersions
SAP SESAP Business Warehouse< 700, < 702, < 731
sapbw\/4hana100, 200
sapbusiness_warehouse700, 701, 702
SAP SESAP BW/4HANA< 100, < 200

Exploit Intelligence

Timeline

  • Jan 12, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
  • Jul 14, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›