cnvd - cnvd-2021-18228

cnvd-2021-18228

Vulnerability from cnvd

Title

SAP Business Warehouse和SAP BW/4HANA代码注入漏洞

Description

SAP Business Warehouse（BW）是SAP的数据仓库解决方案。SAP BW提供了高性能的基础架构，可帮助您评估和解释数据。决策者可以根据分析的数据做出有根据的决策，并确定针对目标的活动。 SAP Business Warehouse 700、701、702、711、730、731、740、750、782版本和SAP BW/4HANA 100、200版本存在代码注入漏洞。攻击者可通过远程启用功能模块利用该漏洞注入代码，获取敏感数据及导致拒绝服务。

Severity

中

Patch Name

SAP Business Warehouse和SAP BW/4HANA代码注入漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

Reference

https://vigilance.fr/vulnerability/SAP-multiple-vulnerabilities-of-January-2021-34277

Impacted products

Name
['SAP SAP Business Warehouse 700', 'SAP SAP Business Warehouse 701', 'SAP SAP Business Warehouse 702', 'SAP SAP Business Warehouse 731', 'SAP SAP Business Warehouse 740', 'SAP SAP Business Warehouse 750', 'SAP SAP Business Warehouse 782', 'SAP Business Warehouse 711', 'SAP Business Warehouse 730', 'SAP BW/4HANA 100', 'SAP BW/4HANA 200']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21466",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-21466"
    }
  },
  "description": "SAP Business Warehouse\uff08BW\uff09\u662fSAP\u7684\u6570\u636e\u4ed3\u5e93\u89e3\u51b3\u65b9\u6848\u3002SAP BW\u63d0\u4f9b\u4e86\u9ad8\u6027\u80fd\u7684\u57fa\u7840\u67b6\u6784\uff0c\u53ef\u5e2e\u52a9\u60a8\u8bc4\u4f30\u548c\u89e3\u91ca\u6570\u636e\u3002\u51b3\u7b56\u8005\u53ef\u4ee5\u6839\u636e\u5206\u6790\u7684\u6570\u636e\u505a\u51fa\u6709\u6839\u636e\u7684\u51b3\u7b56\uff0c\u5e76\u786e\u5b9a\u9488\u5bf9\u76ee\u6807\u7684\u6d3b\u52a8\u3002\n\nSAP Business Warehouse 700\u3001701\u3001702\u3001711\u3001730\u3001731\u3001740\u3001750\u3001782\u7248\u672c\u548cSAP BW/4HANA 100\u3001200\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdc\u7a0b\u542f\u7528\u529f\u80fd\u6a21\u5757\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4ee3\u7801\uff0c\u83b7\u53d6\u654f\u611f\u6570\u636e\u53ca\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-18228",
  "openTime": "2021-03-17",
  "patchDescription": "SAP Business Warehouse\uff08BW\uff09\u662fSAP\u7684\u6570\u636e\u4ed3\u5e93\u89e3\u51b3\u65b9\u6848\u3002SAP BW\u63d0\u4f9b\u4e86\u9ad8\u6027\u80fd\u7684\u57fa\u7840\u67b6\u6784\uff0c\u53ef\u5e2e\u52a9\u60a8\u8bc4\u4f30\u548c\u89e3\u91ca\u6570\u636e\u3002\u51b3\u7b56\u8005\u53ef\u4ee5\u6839\u636e\u5206\u6790\u7684\u6570\u636e\u505a\u51fa\u6709\u6839\u636e\u7684\u51b3\u7b56\uff0c\u5e76\u786e\u5b9a\u9488\u5bf9\u76ee\u6807\u7684\u6d3b\u52a8\u3002\r\n\r\nSAP Business Warehouse 700\u3001701\u3001702\u3001711\u3001730\u3001731\u3001740\u3001750\u3001782\u7248\u672c\u548cSAP BW/4HANA 100\u3001200\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdc\u7a0b\u542f\u7528\u529f\u80fd\u6a21\u5757\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4ee3\u7801\uff0c\u83b7\u53d6\u654f\u611f\u6570\u636e\u53ca\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Business Warehouse\u548cSAP BW/4HANA\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP SAP Business Warehouse 700",
      "SAP SAP Business Warehouse 701",
      "SAP SAP Business Warehouse 702",
      "SAP SAP Business Warehouse 731",
      "SAP SAP Business Warehouse 740",
      "SAP SAP Business Warehouse 750",
      "SAP SAP Business Warehouse 782",
      "SAP Business Warehouse 711",
      "SAP Business Warehouse 730",
      "SAP BW/4HANA 100",
      "SAP BW/4HANA 200"
    ]
  },
  "referenceLink": "https://vigilance.fr/vulnerability/SAP-multiple-vulnerabilities-of-January-2021-34277",
  "serverity": "\u4e2d",
  "submitTime": "2021-01-18",
  "title": "SAP Business Warehouse\u548cSAP BW/4HANA\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2021-21466 (GCVE-0-2021-21466)

Vulnerability from cvelistv5

Published

2021-01-12 14:42

Modified

2024-08-03 18:16

Severity ?

9.9 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

Code Injection

Summary

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby lead to a Denial of Service.

References

URL

Tags

	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/2999854	x_refsource_MISC
	http://seclists.org/fulldisclosure/2022/May/42	mailing-list, x_refsource_FULLDISC
	http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html	x_refsource_MISC

Impacted products

Vendor

Product

Version

SAP SE

SAP Business Warehouse

Version: < 700
Version: < 701
Version: < 702
Version: < 711
Version: < 730
Version: < 731
Version: < 740
Version: < 750
Version: < 782

SAP SE

SAP BW/4HANA

Version: < 100
Version: < 200

Show details on NVD website