First published: Wed Jun 09 2021
SAP NetWeaver AS ABAP and ABAP Platform, versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 and 755, contain the function module SRM_RFC_SUBMIT_REPORT, which fails to validate the authorization of an authenticated user, thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP NetWeaver Application Server ABAP | =700 | |
SAP NetWeaver Application Server ABAP | =702 | |
SAP NetWeaver Application Server ABAP | =710 | |
SAP NetWeaver Application Server ABAP | =711 | |
SAP NetWeaver Application Server ABAP | =730 | |
SAP NetWeaver Application Server ABAP | =731 | |
SAP NetWeaver Application Server ABAP | =740 | |
SAP NetWeaver Application Server ABAP | =750 | |
SAP NetWeaver Application Server ABAP | =751 | |
SAP NetWeaver Application Server ABAP | =752 | |
SAP NetWeaver Application Server ABAP | =753 | |
SAP NetWeaver Application Server ABAP | =754 | |
SAP NetWeaver Application Server ABAP | =755 | |
The vulnerability ID for this SAP NetWeaver AS ABAP and ABAP Platform vulnerability is CVE-2021-21473.
Versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, and 755 of SAP NetWeaver AS ABAP and ABAP Platform are affected by this vulnerability.
CVE-2021-21473 has a severity level of 6.3, which is considered medium.
The CWE ID for this vulnerability is 862.
More information about this vulnerability is available at the following references: [PacketStorm Security](http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html), [Seclists](http://seclists.org/fulldisclosure/2022/May/42), [SAP Support Note](https://launchpad.support.sap.com/#/notes/3002517)