fkie_cve-2021-38178
Vulnerability from fkie_nvd
Published
2021-10-12 15:15
Modified
2024-11-21 06:16
Severity ?
Summary
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 700 | |
| sap | netweaver_abap | 701 | |
| sap | netweaver_abap | 702 | |
| sap | netweaver_abap | 710 | |
| sap | netweaver_abap | 730 | |
| sap | netweaver_abap | 731 | |
| sap | netweaver_abap | 740 | |
| sap | netweaver_abap | 750 | |
| sap | netweaver_abap | 751 | |
| sap | netweaver_abap | 752 | |
| sap | netweaver_abap | 753 | |
| sap | netweaver_abap | 754 | |
| sap | netweaver_abap | 755 | |
| sap | netweaver_abap | 756 | |
| sap | netweaver_application_server_abap | 700 | |
| sap | netweaver_application_server_abap | 701 | |
| sap | netweaver_application_server_abap | 702 | |
| sap | netweaver_application_server_abap | 710 | |
| sap | netweaver_application_server_abap | 730 | |
| sap | netweaver_application_server_abap | 731 | |
| sap | netweaver_application_server_abap | 740 | |
| sap | netweaver_application_server_abap | 750 | |
| sap | netweaver_application_server_abap | 751 | |
| sap | netweaver_application_server_abap | 752 | |
| sap | netweaver_application_server_abap | 753 | |
| sap | netweaver_application_server_abap | 754 | |
| sap | netweaver_application_server_abap | 755 | |
| sap | netweaver_application_server_abap | 756 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA7CC6-A0F6-4839-965D-C60F691496AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "6497854E-9C7B-4DAF-ADC6-F26523BB7D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC58754-3A9D-4320-AB4F-385FB72608E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:710:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE9B3CD-097D-4B66-8070-A46170736A0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "6D46B6A9-C9F3-4270-AA6D-9988D6D4E608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8A73A5-4526-40E1-A540-0A6C3F93DA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5BF1EC-C2A6-486B-8E63-0A7ED431C1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "72491771-4492-4902-9F0C-CE6A60BAA705",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data."
},
{
"lang": "es",
"value": "El sistema de log\u00edstica de software de SAP NetWeaver AS ABAP y ABAP Platform versiones - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, permite a un usuario malicioso transferir artefactos o contenido de c\u00f3digo ABAP, omitiendo las puertas de calidad establecidas. Mediante esta vulnerabilidad el c\u00f3digo malicioso puede llegar a calidad y producci\u00f3n, y puede comprometer la confidencialidad, integridad y disponibilidad del sistema y sus datos"
}
],
"id": "CVE-2021-38178",
"lastModified": "2024-11-21T06:16:34.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-12T15:15:08.477",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3097887"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3097887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…