CVE-2021-38178

Published: Oct 12, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.

Affected (28)

Products: Sap: Netweaver Abap, Netweaver Application Server Abap

Sap

2 products

Netweaver Abap

Netweaver Application Server Abap

Configuration A

28 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Abap	Version 700
Sap Netweaver Abap	Version 701
Sap Netweaver Abap	Version 702
Sap Netweaver Abap	Version 710
Sap Netweaver Abap	Version 730
Sap Netweaver Abap	Version 731
Sap Netweaver Abap	Version 740
Sap Netweaver Abap	Version 750
Sap Netweaver Abap	Version 751
Sap Netweaver Abap	Version 752
Sap Netweaver Abap	Version 753
Sap Netweaver Abap	Version 754
Sap Netweaver Abap	Version 755
Sap Netweaver Abap	Version 756
Sap Netweaver Application Server Abap	Version 700
Sap Netweaver Application Server Abap	Version 701
Sap Netweaver Application Server Abap	Version 702
Sap Netweaver Application Server Abap	Version 710
Sap Netweaver Application Server Abap	Version 730
Sap Netweaver Application Server Abap	Version 731
Sap Netweaver Application Server Abap	Version 740
Sap Netweaver Application Server Abap	Version 750
Sap Netweaver Application Server Abap	Version 751
Sap Netweaver Application Server Abap	Version 752
Sap Netweaver Application Server Abap	Version 753
Sap Netweaver Application Server Abap	Version 754
Sap Netweaver Application Server Abap	Version 755
Sap Netweaver Application Server Abap	Version 756

References (4)

https://launchpad.support.sap.com/#/notes/3097887

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3097887

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.