CVE-2021-21465
CRITICAL 9.9
Description
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.
CVE Details
CVSS v3.1 score: 9.9
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 1/12/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
sap:business_warehouse
Weaknesses (CWE)
CWE-89
References
http://seclists.org/fulldisclosure/2022/May/42 (cna@sap.com)
https://launchpad.support.sap.com/#/notes/2986980 (cna@sap.com)
http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2022/May/42 (af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.support.sap.com/#/notes/2986980 (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.