VDB

CVE-2021-40496

CVE-2021-40496 PUBLISHED CVSS 4 MEDIUM

SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.

EPSS 0.42% · 61.9th percentile

Risk Scores

CVSS v2.0
4
EPSS Score
0.42%
61.9th percentile

Affected Products

VendorProductVersions
sapnetweaver_application_server_abap701, 702, 730
sapnetweaver_abap730, 701, 702
SAP SESAP NetWeaver AS ABAP and ABAP Platform< 701, < 702, < 730

Timeline

  • Oct 12, 2021 CVE Published
  • Oct 13, 2021 EPSS Score
  • Dec 8, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 3, 2022 EPSS Score
  • Mar 31, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 27, 2022 EPSS Score
  • Jul 23, 2022 EPSS Score
  • Sep 18, 2022 EPSS Score
  • Nov 13, 2022 EPSS Score
  • Jan 9, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›