Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-44231
HistoryDec 14, 2021 - 4:15 p.m.

CVE-2021-44231

2021-12-1416:15:09
CWE-94
[email protected]
web.nvd.nist.gov
25
2
cve-2021-44231
text extraction
code injection
application behavior
security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.006

Percentile

77.7%

JSON

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Affected configurations

NVD
Node
sapabap_platformMatch701
OR
sapabap_platformMatch740
OR
sapabap_platformMatch750
OR
sapabap_platformMatch751
OR
sapabap_platformMatch752
OR
sapabap_platformMatch753
OR
sapabap_platformMatch754
OR
sapabap_platformMatch755
OR
sapabap_platformMatch756
OR
sapabap_platformMatch804
OR
sapnetweaver_application_server_abapMatch701
OR
sapnetweaver_application_server_abapMatch740
OR
sapnetweaver_application_server_abapMatch750
OR
sapnetweaver_application_server_abapMatch751
OR
sapnetweaver_application_server_abapMatch752
OR
sapnetweaver_application_server_abapMatch753
OR
sapnetweaver_application_server_abapMatch754
OR
sapnetweaver_application_server_abapMatch755
OR
sapnetweaver_application_server_abapMatch756
OR
sapnetweaver_application_server_abapMatch804
VendorProductVersionCPE
sapabap_platform804cpe:/a:sap:abap_platform:804:::
sapabap_platform752cpe:/a:sap:abap_platform:752:::
sapnetweaver_application_server_abap752cpe:/a:sap:netweaver_application_server_abap:752:::
sapabap_platform754cpe:/a:sap:abap_platform:754:::
sapabap_platform756cpe:/a:sap:abap_platform:756:::
sapabap_platform751cpe:/a:sap:abap_platform:751:::
sapabap_platform701cpe:/a:sap:abap_platform:701:::
sapabap_platform750cpe:/a:sap:abap_platform:750:::
sapabap_platform753cpe:/a:sap:abap_platform:753:::
sapnetweaver_application_server_abap750cpe:/a:sap:netweaver_application_server_abap:750:::
Rows per page:
1-10 of 201

CNA Affected

[
  {
    "product": "SAP ABAP Server & ABAP Platform (Translation Tools)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 701"
      },
      {
        "status": "affected",
        "version": "< 740"
      },
      {
        "status": "affected",
        "version": "< 750"
      },
      {
        "status": "affected",
        "version": "< 751"
      },
      {
        "status": "affected",
        "version": "< 752"
      },
      {
        "status": "affected",
        "version": "< 753"
      },
      {
        "status": "affected",
        "version": "< 754"
      },
      {
        "status": "affected",
        "version": "< 755"
      },
      {
        "status": "affected",
        "version": "< 756"
      },
      {
        "status": "affected",
        "version": "< 804"
      }
    ]
  }
]

Social References

More

Related

nessus 1
prion 1
cvelist 1
nvd 1
nessus
nessus
SAP NetWeaver AS ABAP and Code Injection (3119365)
2022-05-30 00:00:00
prion
prion
Code injection
2021-12-14 16:15:00
cvelist
cvelist
CVE-2021-44231
2021-12-14 15:44:08
nvd
nvd
CVE-2021-44231
2021-12-14 16:15:09

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.006

Percentile

77.7%

JSON
Related for CVE-2021-44231
nessus1prion1cvelist1nvd1