← Back

CVE-2021-27610

nvd nist
Published: Jun 16, 2021Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.

Affected (24)

Sap
2 products
Netweaver Abap
Netweaver Application Server Abap
Configuration A
24 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Abap
Version 700
Netweaver Abap
Version 701
Netweaver Abap
Version 702
Netweaver Abap
Version 731
Netweaver Abap
Version 740
Netweaver Abap
Version 750
Netweaver Abap
Version 751
Netweaver Abap
Version 752
Netweaver Abap
Version 753
Netweaver Abap
Version 754
Netweaver Abap
Version 755
Netweaver Abap
Version 804
Sap
Netweaver Application Server Abap
Version 700
Netweaver Application Server Abap
Version 701
Netweaver Application Server Abap
Version 702
Netweaver Application Server Abap
Version 731
Netweaver Application Server Abap
Version 740
Netweaver Application Server Abap
Version 750
Netweaver Application Server Abap
Version 751
Netweaver Application Server Abap
Version 752
Netweaver Application Server Abap
Version 753
Netweaver Application Server Abap
Version 754
Netweaver Application Server Abap
Version 755
Netweaver Application Server Abap
Version 804

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.