Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3119365 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
17 Dec 2021, 18:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sap:abap_platform:751:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:804:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:753:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:751:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:756:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:755:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:756:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:750:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:804:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:752:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:701:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:754:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:755:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:740:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:701:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:752:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:740:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:753:*:*:*:*:*:*:* cpe:2.3:a:sap:abap_platform:754:*:*:*:*:*:*:* |
|
CWE | CWE-94 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (MISC) https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 - Vendor Advisory | |
References | (MISC) https://launchpad.support.sap.com/#/notes/3119365 - Permissions Required, Vendor Advisory |
14 Dec 2021, 16:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-14 16:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-44231
Mitre link : CVE-2021-44231
CVE.ORG link : CVE-2021-44231
JSON object : View
Products Affected
sap
- netweaver_application_server_abap
- abap_platform
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')