Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-38176

Опубликовано: 14 сент. 2021
Источник: nvd
CVSS3: 9.9
CVSS3: 8.8
CVSS2: 9
EPSS Низкий

Описание

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:landscape_transformation:2.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:landscape_transformation_replication_server:1.0:*:*:*:*:s\/4hana:*:*
cpe:2.3:a:sap:landscape_transformation_replication_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:landscape_transformation_replication_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:1511:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:1610:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:1709:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:1809:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:1909:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:2020:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:2021:*:*:*:*:*:*:*
cpe:2.3:a:sap:test_data_migration_server:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 72%
0.00722
Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-89

Связанные уязвимости

github логотип

GHSA-4qx6-hc3f-6gj9

CVSS3: 8.8
github
больше 3 лет назад

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.

EPSS

Процентиль: 72%
0.00722
Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-89