CVE-2021-27610
Summary
| CVE | CVE-2021-27610 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-16 15:15:00 UTC |
| Updated | 2022-10-06 15:20:00 UTC |
| Description | SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Netweaver Abap | 700 | All | All | All |
| Application | Sap | Netweaver Abap | 701 | All | All | All |
| Application | Sap | Netweaver Abap | 702 | All | All | All |
| Application | Sap | Netweaver Abap | 731 | All | All | All |
| Application | Sap | Netweaver Abap | 740 | All | All | All |
| Application | Sap | Netweaver Abap | 750 | All | All | All |
| Application | Sap | Netweaver Abap | 751 | All | All | All |
| Application | Sap | Netweaver Abap | 752 | All | All | All |
| Application | Sap | Netweaver Abap | 753 | All | All | All |
| Application | Sap | Netweaver Abap | 754 | All | All | All |
| Application | Sap | Netweaver Abap | 755 | All | All | All |
| Application | Sap | Netweaver Abap | 804 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 700 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 701 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 702 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 731 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 740 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 750 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 751 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 752 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 753 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 754 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 755 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 804 | All | All | All |
| Application | Sap | Netweaver As Abap | 700 | All | All | All |
| Application | Sap | Netweaver As Abap | 701 | All | All | All |
| Application | Sap | Netweaver As Abap | 702 | All | All | All |
| Application | Sap | Netweaver As Abap | 731 | All | All | All |
| Application | Sap | Netweaver As Abap | 740 | All | All | All |
| Application | Sap | Netweaver As Abap | 750 | All | All | All |
| Application | Sap | Netweaver As Abap | 751 | All | All | All |
| Application | Sap | Netweaver As Abap | 752 | All | All | All |
| Application | Sap | Netweaver As Abap | 753 | All | All | All |
| Application | Sap | Netweaver As Abap | 754 | All | All | All |
| Application | Sap | Netweaver As Abap | 755 | All | All | All |
| Application | Sap | Netweaver As Abap | 804 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | |
| SAP Security Patch Day – June 2021 - Product Security Response at SAP - Community Wiki | MISC | wiki.scn.sap.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 87453 SAP NetWeaver (ABAP Server) and ABAP Platform Improper Authentication Vulnerability