Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2021-33701

Published: 15/09/2021 Updated: 01/04/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 9.1 | Impact Score: 6 | Exploitability Score: 2.3
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Sap

Vulnerability Summary

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap dmis 710

sap dmis 2011_1_620

sap dmis 2011_1_640

sap dmis 2011_1_700

sap dmis 2011_1_710

sap dmis 2011_1_730

sap dmis 2011_1_731

sap dmis 2011_1_752

sap dmis 2020125

sap s4core 102

sap s4core 103

sap s4core 104

sap s4core 105

sap sapscore 125

Exploits

Exploit DB: SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection
SAP Netweaver version SAP DMIS 2011_1_731 SP 0013 suffers from a remote ABAP code injection vulnerability in IUUC_RECON_RC_COUNT_TABLE_BIG ...
Exploit DB: SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG SQL Injection
SAP Netweaver suffers from a remote ADBC SQL injection vulnerability in IUUC_RECON_RC_COUNT_TABLE_BIG Other software and various versions are also affected ...

Mailing Lists

Full Disclosure: SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG <!--X-Subject-He ...

References

CWE-89https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806https://launchpad.support.sap.com/#/notes/3078312http://seclists.org/fulldisclosure/2021/Dec/36http://seclists.org/fulldisclosure/2021/Dec/35http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.htmlhttp://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook