Lucene search

K
cve[email protected]CVE-2021-44231
HistoryDec 14, 2021 - 4:15 p.m.

CVE-2021-44231

2021-12-1416:15:09
CWE-94
web.nvd.nist.gov
23
2
cve-2021-44231
text extraction
code injection
application behavior
security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.4%

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Affected configurations

NVD
Node
sapabap_platformMatch701
OR
sapabap_platformMatch740
OR
sapabap_platformMatch750
OR
sapabap_platformMatch751
OR
sapabap_platformMatch752
OR
sapabap_platformMatch753
OR
sapabap_platformMatch754
OR
sapabap_platformMatch755
OR
sapabap_platformMatch756
OR
sapabap_platformMatch804
OR
sapnetweaver_application_server_abapMatch701
OR
sapnetweaver_application_server_abapMatch740
OR
sapnetweaver_application_server_abapMatch750
OR
sapnetweaver_application_server_abapMatch751
OR
sapnetweaver_application_server_abapMatch752
OR
sapnetweaver_application_server_abapMatch753
OR
sapnetweaver_application_server_abapMatch754
OR
sapnetweaver_application_server_abapMatch755
OR
sapnetweaver_application_server_abapMatch756
OR
sapnetweaver_application_server_abapMatch804

CNA Affected

[
  {
    "product": "SAP ABAP Server & ABAP Platform (Translation Tools)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 701"
      },
      {
        "status": "affected",
        "version": "< 740"
      },
      {
        "status": "affected",
        "version": "< 750"
      },
      {
        "status": "affected",
        "version": "< 751"
      },
      {
        "status": "affected",
        "version": "< 752"
      },
      {
        "status": "affected",
        "version": "< 753"
      },
      {
        "status": "affected",
        "version": "< 754"
      },
      {
        "status": "affected",
        "version": "< 755"
      },
      {
        "status": "affected",
        "version": "< 756"
      },
      {
        "status": "affected",
        "version": "< 804"
      }
    ]
  }
]

Social References

More

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.4%

Related for CVE-2021-44231