CVE-2021-33678

🗓️ 14 Jul 2021 11:04:19Reported by sapType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 78 Views

Function module of SAP NetWeaver AS ABAP (Reconciliation Framework) allows code injection leading to critical info deletion

Reporter	Title	Published	Views	Family All 10
CNNVD	SAP NetWeaver AS ABAP 代码注入漏洞	13 Jul 202100:00	–	cnnvd
Cvelist	CVE-2021-33678	14 Jul 202111:04	–	cvelist
EUVD	EUVD-2021-20355	7 Oct 202500:30	–	euvd
NCSC	Vulnerabilities fixed in SAP products	13 Jul 202100:00	–	ncsc
NVD	CVE-2021-33678	14 Jul 202112:15	–	nvd
Packet Storm	SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization	19 May 202200:00	–	packetstorm
Prion	Design/Logic Flaw	14 Jul 202112:15	–	prion
Positive Technologies	PT-2021-20256 · Sap · Sap Netweaver As Abap	14 Jul 202100:00	–	ptsecurity
RedhatCVE	CVE-2021-33678	22 May 202521:07	–	redhatcve
Tenable Nessus	SAP NetWeaver AS ABAP Code Injection (3048657)	19 Jul 202100:00	–	nessus

NVD

Vulners

Node

sap netweaver_application_server_abapMatch75a

sap netweaver_application_server_abapMatch75b

sap netweaver_application_server_abapMatch75c

sap netweaver_application_server_abapMatch75d

sap netweaver_application_server_abapMatch75e

sap netweaver_application_server_abapMatch75f

sap netweaver_application_server_abapMatch700

sap netweaver_application_server_abapMatch701

sap netweaver_application_server_abapMatch702

sap netweaver_application_server_abapMatch710

sap netweaver_application_server_abapMatch711

sap netweaver_application_server_abapMatch730

sap netweaver_application_server_abapMatch731

sap netweaver_application_server_abapMatch740

sap netweaver_application_server_abapMatch750

sap netweaver_application_server_abapMatch751

sap netweaver_application_server_abapMatch752

[
  {
    "product": "SAP NetWeaver AS ABAP (Reconciliation Framework)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 700"
      },
      {
        "status": "affected",
        "version": "< 701"
      },
      {
        "status": "affected",
        "version": "< 702"
      },
      {
        "status": "affected",
        "version": "< 710"
      },
      {
        "status": "affected",
        "version": "< 711"
      },
      {
        "status": "affected",
        "version": "< 730"
      },
      {
        "status": "affected",
        "version": "< 731"
      },
      {
        "status": "affected",
        "version": "< 740"
      },
      {
        "status": "affected",
        "version": "< 750"
      },
      {
        "status": "affected",
        "version": "< 751"
      },
      {
        "status": "affected",
        "version": "< 752"
      },
      {
        "status": "affected",
        "version": "< 75A"
      },
      {
        "status": "affected",
        "version": "< 75B"
      },
      {
        "status": "affected",
        "version": "< 75C"
      },
      {
        "status": "affected",
        "version": "< 75D"
      },
      {
        "status": "affected",
        "version": "< 75E"
      },
      {
        "status": "affected",
        "version": "< 75F"
      }
    ]
  }
]

Source	Link
launchpad	www.launchpad.support.sap.com/
packetstormsecurity	www.packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
seclists	www.seclists.org/fulldisclosure/2022/May/42
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action

21 Nov 2024 06:09Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.5

CVSS 27.5

CVSS 36.5

EPSS0.02162