CVE-2021-33678
PUBLISHED
CVSS 6.5 MEDIUM
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, 75F, allows a highly privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.
EPSS 2.16% · 84.6th percentile
Risk Scores
CVSS 3.0
6.5
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS Score
2.16%
84.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sap | netweaver_application_server_abap | 75b, 75c, 75d |
| SAP SE | SAP NetWeaver AS ABAP (Reconciliation Framework) | < 700, < 701, < 702 |
Exploit Intelligence
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html (nist-nvd)
- http://seclists.org/fulldisclosure/2022/May/42 (nist-nvd)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 (circl)
- https://launchpad.support.sap.com/#/notes/3048657 (circl)
Timeline
- Jul 13, 2021 CVE Published
- Jul 15, 2021 EPSS Score
- Sep 13, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 10, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 9, 2022 EPSS Score
- Jul 8, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 4, 2023 EPSS Score
- Mar 4, 2023 EPSS Score
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 (advisory)
- https://launchpad.support.sap.com/#/notes/3048657 (url)
- 20220518 SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP Application Server, ABAP and ABAP Platform (Different Software Components) (mailing-list)
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html (url)
- https://nvd.nist.gov/vuln/detail/CVE-2021-33678 (advisory)