VDB

CVE-2021-33678

CVE-2021-33678 PUBLISHED CVSS 6.5 MEDIUM

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.

EPSS 2.16% · 84.6th percentile

Risk Scores

CVSS 3.0
6.5
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS Score
2.16%
84.6th percentile

Affected Products

VendorProductVersions
sapnetweaver_application_server_abap75b, 75c, 75d
SAP SESAP NetWeaver AS ABAP (Reconciliation Framework)< 700, < 701, < 702

Timeline

  • Jul 13, 2021 CVE Published
  • Jul 15, 2021 EPSS Score
  • Sep 13, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Jan 10, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 9, 2022 EPSS Score
  • Jul 8, 2022 EPSS Score
  • Nov 5, 2022 EPSS Score
  • Jan 4, 2023 EPSS Score
  • Mar 4, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›