Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-44231

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Published

2021-12-14T16:15:09.583

Last Modified

2024-11-21T06:30:38.730

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-94
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap abap_platform 701 Yes
Application sap abap_platform 740 Yes
Application sap abap_platform 750 Yes
Application sap abap_platform 751 Yes
Application sap abap_platform 752 Yes
Application sap abap_platform 753 Yes
Application sap abap_platform 754 Yes
Application sap abap_platform 755 Yes
Application sap abap_platform 756 Yes
Application sap abap_platform 804 Yes
Application sap netweaver_application_server_abap 701 Yes
Application sap netweaver_application_server_abap 740 Yes
Application sap netweaver_application_server_abap 750 Yes
Application sap netweaver_application_server_abap 751 Yes
Application sap netweaver_application_server_abap 752 Yes
Application sap netweaver_application_server_abap 753 Yes
Application sap netweaver_application_server_abap 754 Yes
Application sap netweaver_application_server_abap 755 Yes
Application sap netweaver_application_server_abap 756 Yes
Application sap netweaver_application_server_abap 804 Yes
References