Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-44235

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system.

Published

2021-12-14T16:15:09.713

Last Modified

2024-11-21T06:30:39.247

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-78
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap netweaver_application_server_abap 700 Yes
Application sap netweaver_application_server_abap 701 Yes
Application sap netweaver_application_server_abap 702 Yes
Application sap netweaver_application_server_abap 710 Yes
Application sap netweaver_application_server_abap 711 Yes
Application sap netweaver_application_server_abap 730 Yes
Application sap netweaver_application_server_abap 731 Yes
Application sap netweaver_application_server_abap 740 Yes
Application sap netweaver_application_server_abap 750 Yes
Application sap netweaver_application_server_abap 751 Yes
Application sap netweaver_application_server_abap 752 Yes
Application sap netweaver_application_server_abap 753 Yes
Application sap netweaver_application_server_abap 754 Yes
Application sap netweaver_application_server_abap 755 Yes
Application sap netweaver_application_server_abap 756 Yes
References