CVE-2021-27611
Summary
| CVE | CVE-2021-27611 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-11 15:15:00 UTC |
| Updated | 2022-10-05 14:16:00 UTC |
| Description | SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Netweaver Application Server Abap | 700 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 701 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 702 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 730 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 731 | All | All | All |
| Application | Sap | Netweaver As Abap | 700 | All | All | All |
| Application | Sap | Netweaver As Abap | 701 | All | All | All |
| Application | Sap | Netweaver As Abap | 702 | All | All | All |
| Application | Sap | Netweaver As Abap | 730 | All | All | All |
| Application | Sap | Netweaver As Abap | 731 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | |
| SAP Security Patch Day – May 2021 - Product Security Response at SAP - Community Wiki | MISC | wiki.scn.sap.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 87450 SAP NetWeaver AS ABAP Code Injection Vulnerability