CVE-2021-44231

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:abap_platform:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:804:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:804:*:*:*:*:*:*:*

History

17 Dec 2021, 18:59

Type Values Removed Values Added
CPE cpe:2.3:a:sap:abap_platform:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap:804:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:804:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_as_abap:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:754:*:*:*:*:*:*:*
CWE CWE-94
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
References (MISC) https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 - (MISC) https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 - Vendor Advisory
References (MISC) https://launchpad.support.sap.com/#/notes/3119365 - (MISC) https://launchpad.support.sap.com/#/notes/3119365 - Permissions Required, Vendor Advisory

14 Dec 2021, 16:35

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-14 16:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-44231

Mitre link : CVE-2021-44231

CVE.ORG link : CVE-2021-44231


JSON object : View

Products Affected

sap

  • netweaver_application_server_abap
  • abap_platform
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')