CVE-2021-21468

🗓️ 12 Jan 2021 14:40:53Reported by sapType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 48 Views

BW Database Interface lacks necessary authorization checks, leading to privilege escalation

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2021-21468	12 Jan 202118:52	–	circl
CNNVD	SAP Business Information Warehouse SQL注入漏洞	12 Jan 202100:00	–	cnnvd
CNVD	SAP Business Information Warehouse SQL Injection Vulnerability	14 Jan 202100:00	–	cnvd
Cvelist	CVE-2021-21468	12 Jan 202114:40	–	cvelist
EUVD	EUVD-2021-8742	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	12 Jan 202100:00	–	ncsc
NVD	CVE-2021-21468	12 Jan 202115:15	–	nvd
OSV	CVE-2021-21468	12 Jan 202115:15	–	osv
Packet Storm	SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization	19 May 202200:00	–	packetstorm
Prion	Authorization	12 Jan 202115:15	–	prion

NVD

Vulners

Node

sap business_warehouseMatch710

sap business_warehouseMatch711

sap business_warehouseMatch730

sap business_warehouseMatch731

sap business_warehouseMatch740

sap business_warehouseMatch750

sap business_warehouseMatch751

sap business_warehouseMatch752

sap business_warehouseMatch753

sap business_warehouseMatch754

sap business_warehouseMatch755

sap business_warehouseMatch782

[
  {
    "product": "SAP Business Warehouse",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 710"
      },
      {
        "status": "affected",
        "version": "< 711"
      },
      {
        "status": "affected",
        "version": "< 730"
      },
      {
        "status": "affected",
        "version": "< 731"
      },
      {
        "status": "affected",
        "version": "< 740"
      },
      {
        "status": "affected",
        "version": "< 750"
      },
      {
        "status": "affected",
        "version": "< 751"
      },
      {
        "status": "affected",
        "version": "< 752"
      },
      {
        "status": "affected",
        "version": "< 753"
      },
      {
        "status": "affected",
        "version": "< 754"
      },
      {
        "status": "affected",
        "version": "< 755"
      },
      {
        "status": "affected",
        "version": "< 782"
      }
    ]
  }
]

Source	Link
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action
launchpad	www.launchpad.support.sap.com/
seclists	www.seclists.org/fulldisclosure/2022/May/42
packetstormsecurity	www.packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html

21 Nov 2024 05:48Current

7.2High risk

Vulners AI Score7.2

CVSS 24

CVSS 3.16.5

CVSS 36.5

EPSS0.00451

CWE-862