CVE-2021-21468

SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization

  • Severity Score: 6.5 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 2 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.

The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected.

*Credits: N/A
CVSS Scores

CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-12-30 CVE Reserved
  • 2021-01-12 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • 2024-09-29 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-862: Missing Authorization
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|--------|---------|---------|-------|--------|
| Sap | Business Warehouse | 710 | - | Affected |
| Sap | Business Warehouse | 711 | - | Affected |
| Sap | Business Warehouse | 730 | - | Affected |
| Sap | Business Warehouse | 731 | - | Affected |
| Sap | Business Warehouse | 740 | - | Affected |
| Sap | Business Warehouse | 750 | - | Affected |
| Sap | Business Warehouse | 751 | - | Affected |
| Sap | Business Warehouse | 752 | - | Affected |
| Sap | Business Warehouse | 753 | - | Affected |
| Sap | Business Warehouse | 754 | - | Affected |
| Sap | Business Warehouse | 755 | - | Affected |
| Sap | Business Warehouse | 782 | - | Affected |