CVE-2021-40504 (GCVE-0-2021-40504)
Vulnerability from cvelistv5 – Published: 2021-11-10 15:29 – Updated: 2024-08-04 02:44
VLAI
Summary
A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3105728 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP NetWeaver AS for ABAP and ABAP Platform |
Affected:
< 700
Affected: < 701 Affected: < 702 Affected: < 710 Affected: < 711 Affected: < 730 Affected: < 731 Affected: < 740 Affected: < 750 Affected: < 751 Affected: < 752 Affected: < 753 Affected: < 754 Affected: < 755 Affected: < 756 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3105728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS for ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 700"
},
{
"status": "affected",
"version": "\u003c 701"
},
{
"status": "affected",
"version": "\u003c 702"
},
{
"status": "affected",
"version": "\u003c 710"
},
{
"status": "affected",
"version": "\u003c 711"
},
{
"status": "affected",
"version": "\u003c 730"
},
{
"status": "affected",
"version": "\u003c 731"
},
{
"status": "affected",
"version": "\u003c 740"
},
{
"status": "affected",
"version": "\u003c 750"
},
{
"status": "affected",
"version": "\u003c 751"
},
{
"status": "affected",
"version": "\u003c 752"
},
{
"status": "affected",
"version": "\u003c 753"
},
{
"status": "affected",
"version": "\u003c 754"
},
{
"status": "affected",
"version": "\u003c 755"
},
{
"status": "affected",
"version": "\u003c 756"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T15:29:16.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3105728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-40504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS for ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "700"
},
{
"version_name": "\u003c",
"version_value": "701"
},
{
"version_name": "\u003c",
"version_value": "702"
},
{
"version_name": "\u003c",
"version_value": "710"
},
{
"version_name": "\u003c",
"version_value": "711"
},
{
"version_name": "\u003c",
"version_value": "730"
},
{
"version_name": "\u003c",
"version_value": "731"
},
{
"version_name": "\u003c",
"version_value": "740"
},
{
"version_name": "\u003c",
"version_value": "750"
},
{
"version_name": "\u003c",
"version_value": "751"
},
{
"version_name": "\u003c",
"version_value": "752"
},
{
"version_name": "\u003c",
"version_value": "753"
},
{
"version_name": "\u003c",
"version_value": "754"
},
{
"version_name": "\u003c",
"version_value": "755"
},
{
"version_name": "\u003c",
"version_value": "756"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3105728",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3105728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-40504",
"datePublished": "2021-11-10T15:29:16.000Z",
"dateReserved": "2021-09-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:44:10.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-40504",
"date": "2026-05-29",
"epss": "0.00106",
"percentile": "0.28286"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98B2522A-B850-4EC2-B2F2-5EBF36801B39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"706FEB9E-3EE9-405E-A8C9-733DAF68AC6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B5BF1EC-C2A6-486B-8E63-0A7ED431C1F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17847B21-8BE6-4359-913B-B6592D37C655\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F1B47E4-C4E3-4D79-9048-EF6A82B8085E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CC29738-CF17-4E6B-9C9E-879B17F7E001\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"127E508F-6CC1-41C8-96DF-8D14FFDD4020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7777AA80-1608-420E-B7D5-09ABECD51728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0539618A-1C4D-463F-B2BB-DD1C239C23EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62828DCD-F80E-4C7C-A988-EFEA06A5223E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9F38585-73AE-4DBB-A978-F0272DF8FB58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D416C064-BB8A-4230-A761-84A93E017F79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72491771-4492-4902-9F0C-CE6A60BAA705\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.\"}, {\"lang\": \"es\", \"value\": \"Un determinado rol de plantilla en SAP NetWeaver Application Server para ABAP y ABAP Platform - versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contiene autorizaciones de transporte, que exceden los permisos esperados de s\\u00f3lo visualizaci\\u00f3n\"}]",
"id": "CVE-2021-40504",
"lastModified": "2024-11-21T06:24:16.830",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-11-10T16:15:08.833",
"references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/3105728\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/3105728\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cna@sap.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-40504\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2021-11-10T16:15:08.833\",\"lastModified\":\"2024-11-21T06:24:16.830\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.\"},{\"lang\":\"es\",\"value\":\"Un determinado rol de plantilla en SAP NetWeaver Application Server para ABAP y ABAP Platform - versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contiene autorizaciones de transporte, que exceden los permisos esperados de s\u00f3lo visualizaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98B2522A-B850-4EC2-B2F2-5EBF36801B39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"706FEB9E-3EE9-405E-A8C9-733DAF68AC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B5BF1EC-C2A6-486B-8E63-0A7ED431C1F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17847B21-8BE6-4359-913B-B6592D37C655\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1B47E4-C4E3-4D79-9048-EF6A82B8085E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC29738-CF17-4E6B-9C9E-879B17F7E001\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"127E508F-6CC1-41C8-96DF-8D14FFDD4020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7777AA80-1608-420E-B7D5-09ABECD51728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0539618A-1C4D-463F-B2BB-DD1C239C23EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62828DCD-F80E-4C7C-A988-EFEA06A5223E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9F38585-73AE-4DBB-A978-F0272DF8FB58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D416C064-BB8A-4230-A761-84A93E017F79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72491771-4492-4902-9F0C-CE6A60BAA705\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/3105728\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3105728\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…