CVE-2021-38176
PUBLISHED
CVSS 9.9 CRITICAL
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in the Solution Section to execute a manipulated query and gain access to the backend database. On successful exploitation, the threat actor could completely compromise the confidentiality, integrity, and availability of the system.
EPSS 0.72% · 72.9th percentile
Risk Scores
CVSS 3.0
9.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.72%
72.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP SE | SAP Landscape Transformation | < 2.0 |
| SAP SE | SAP Test Data Migration Server | < 4.0 |
| SAP SE | SAP LTRS for S/4HANA | < 1.0 |
| sap | test_data_migration_server | 4.0 |
| SAP SE | SAP S/4HANA | < 1909, < 2020, < 2021 |
| sap | s/4hana | 2020, 1610, 1511 |
| sap | landscape_transformation_replication_server | 1.0, 2.0, 3.0 |
| SAP SE | SAP LT Replication Server | *, < 2.0 |
| sap | landscape_transformation | 2.0 |
Exploit Intelligence
Timeline
- Sep 14, 2021 CVE Published
- Sep 15, 2021 EPSS Score
- Oct 5, 2021 EPSS Score
- Nov 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 8, 2022 EPSS Score
- Mar 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 3, 2022 EPSS Score
- Jun 29, 2022 EPSS Score
- Oct 23, 2022 EPSS Score
- Dec 20, 2022 EPSS Score