Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-38178

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.

Published

2021-10-12T15:15:08.477

Last Modified

2024-11-21T06:16:34.560

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	netweaver_abap	700	Yes
Application	sap	netweaver_abap	701	Yes
Application	sap	netweaver_abap	702	Yes
Application	sap	netweaver_abap	710	Yes
Application	sap	netweaver_abap	730	Yes
Application	sap	netweaver_abap	731	Yes
Application	sap	netweaver_abap	740	Yes
Application	sap	netweaver_abap	750	Yes
Application	sap	netweaver_abap	751	Yes
Application	sap	netweaver_abap	752	Yes
Application	sap	netweaver_abap	753	Yes
Application	sap	netweaver_abap	754	Yes
Application	sap	netweaver_abap	755	Yes
Application	sap	netweaver_abap	756	Yes
Application	sap	netweaver_application_server_abap	700	Yes
Application	sap	netweaver_application_server_abap	701	Yes
Application	sap	netweaver_application_server_abap	702	Yes
Application	sap	netweaver_application_server_abap	710	Yes
Application	sap	netweaver_application_server_abap	730	Yes
Application	sap	netweaver_application_server_abap	731	Yes
Application	sap	netweaver_application_server_abap	740	Yes
Application	sap	netweaver_application_server_abap	750	Yes
Application	sap	netweaver_application_server_abap	751	Yes
Application	sap	netweaver_application_server_abap	752	Yes
Application	sap	netweaver_application_server_abap	753	Yes
Application	sap	netweaver_application_server_abap	754	Yes
Application	sap	netweaver_application_server_abap	755	Yes
Application	sap	netweaver_application_server_abap	756	Yes

References

https://launchpad.support.sap.com/#/notes/3097887 Permissions Required ([email protected])
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/3097887 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)