VDB

CVE-2021-38178

CVE-2021-38178 PUBLISHED CVSS 8.800000190734863 HIGH

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.

EPSS 0.54% · 67.5th percentile

Risk Scores

CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.54%
67.5th percentile

Affected Products

VendorProductVersions
sapnetweaver_abap700, 756, 755
SAP SESAP NetWeaver AS ABAP and ABAP Platform*, *, < 700
sapnetweaver_application_server_abap700, 740, 750

Timeline

  • Oct 12, 2021 CVE Published
  • Oct 13, 2021 EPSS Score
  • Dec 8, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 30, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 25, 2022 EPSS Score
  • Jul 21, 2022 EPSS Score
  • Nov 10, 2022 EPSS Score
  • Jan 4, 2023 EPSS Score
  • Mar 1, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›