Vulnerability Monitor

CVE-2021-40496


SAP Internet Communication framework (ICM), versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality to exploit the authentication function by using POST and a form field to repeat executions of the initial command by a GET request, exposing sensitive data. This vulnerability is normally exposed over the network, and successful exploitation can lead to exposure of data like system details.


Published

2021-10-12T15:15:09.267

Last Modified

2024-11-21T06:24:15.753

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-668
  • Type: Secondary
    CWE-668

Affected Vendors & Products

Type         Vendor  Product                            Version/Range  Vulnerable?
Application  sap     netweaver_abap                     700            Yes
Application  sap     netweaver_abap                     701            Yes
Application  sap     netweaver_abap                     702            Yes
Application  sap     netweaver_abap                     730            Yes
Application  sap     netweaver_abap                     731            Yes
Application  sap     netweaver_abap                     740            Yes
Application  sap     netweaver_abap                     750            Yes
Application  sap     netweaver_abap                     751            Yes
Application  sap     netweaver_abap                     752            Yes
Application  sap     netweaver_abap                     753            Yes
Application  sap     netweaver_abap                     754            Yes
Application  sap     netweaver_abap                     755            Yes
Application  sap     netweaver_abap                     756            Yes
Application  sap     netweaver_abap                     785            Yes
Application  sap     netweaver_application_server_abap  700            Yes
Application  sap     netweaver_application_server_abap  701            Yes
Application  sap     netweaver_application_server_abap  702            Yes
Application  sap     netweaver_application_server_abap  730            Yes
Application  sap     netweaver_application_server_abap  731            Yes
Application  sap     netweaver_application_server_abap  740            Yes
Application  sap     netweaver_application_server_abap  750            Yes
Application  sap     netweaver_application_server_abap  751            Yes
Application  sap     netweaver_application_server_abap  752            Yes
Application  sap     netweaver_application_server_abap  753            Yes
Application  sap     netweaver_application_server_abap  754            Yes
Application  sap     netweaver_application_server_abap  755            Yes
Application  sap     netweaver_application_server_abap  756            Yes
Application  sap     netweaver_application_server_abap  785            Yes