Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-38178

Опубликовано: 12 окт. 2021
Источник: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS Низкий

Описание

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:710:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*

EPSS

Процентиль: 66%
0.00525
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-mg95-qw85-jrq5

CVSS3: 8.8
github
больше 3 лет назад

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.

fstec логотип

BDU:2022-00741

CVSS3: 8.8
fstec
больше 4 лет назад

Уязвимость программных интеграционных платформ SAP NetWeaver AS ABAP и SAP NetWeaver ABAP, связанная с неправильной авторизацией, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 66%
0.00525
Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other