Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2021-33678

Published: 14/07/2021 Updated: 05/10/2022
CVSS v2 Base Score: 7.5 | Impact Score: 7.8 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 5.2 | Exploitability Score: 1.2
VMScore: 668
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C
Subscribe to Sap

Vulnerability Summary

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged malicious user to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap netweaver application server abap 702

sap netweaver application server abap 750

sap netweaver application server abap 752

sap netweaver application server abap 700

sap netweaver application server abap 710

sap netweaver application server abap 730

sap netweaver application server abap 731

sap netweaver application server abap 711

sap netweaver application server abap 740

sap netweaver application server abap 751

sap netweaver application server abap 75a

sap netweaver application server abap 75b

sap netweaver application server abap 75c

sap netweaver application server abap 75d

sap netweaver application server abap 75e

sap netweaver application server abap 701

sap netweaver application server abap 75f

Exploits

Exploit DB: SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities Multiple SAP products are affected ...

References

CWE-95https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506https://launchpad.support.sap.com/#/notes/3048657http://seclists.org/fulldisclosure/2022/May/42http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook