CVE-2021-40496
Vulnerability from cvelistv5
Published
2021-10-12 14:03
Modified
2024-08-04 02:44
Severity ?
Summary
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.
References
cna@sap.comhttps://launchpad.support.sap.com/#/notes/3087254Permissions Required, Vendor Advisory
cna@sap.comhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://launchpad.support.sap.com/#/notes/3087254Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:10.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3087254"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver AS ABAP and ABAP Platform",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 700"
            },
            {
              "status": "affected",
              "version": "\u003c 701"
            },
            {
              "status": "affected",
              "version": "\u003c 702"
            },
            {
              "status": "affected",
              "version": "\u003c 730"
            },
            {
              "status": "affected",
              "version": "\u003c 731"
            },
            {
              "status": "affected",
              "version": "\u003c 740"
            },
            {
              "status": "affected",
              "version": "\u003c 750"
            },
            {
              "status": "affected",
              "version": "\u003c 751"
            },
            {
              "status": "affected",
              "version": "\u003c 752"
            },
            {
              "status": "affected",
              "version": "\u003c 753"
            },
            {
              "status": "affected",
              "version": "\u003c 754"
            },
            {
              "status": "affected",
              "version": "\u003c 755"
            },
            {
              "status": "affected",
              "version": "\u003c 756"
            },
            {
              "status": "affected",
              "version": "\u003c 785"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-12T14:03:51",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3087254"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2021-40496",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "700"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "701"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "702"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "730"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "731"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "740"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "750"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "751"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "752"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "753"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "754"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "755"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "756"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "785"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "null",
            "vectorString": "null",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/3087254",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3087254"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2021-40496",
    "datePublished": "2021-10-12T14:03:51",
    "dateReserved": "2021-09-03T00:00:00",
    "dateUpdated": "2024-08-04T02:44:10.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0DA7CC6-A0F6-4839-965D-C60F691496AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6497854E-9C7B-4DAF-ADC6-F26523BB7D47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFC58754-3A9D-4320-AB4F-385FB72608E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D46B6A9-C9F3-4270-AA6D-9988D6D4E608\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B8A73A5-4526-40E1-A540-0A6C3F93DA05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09A38B6E-03DC-4086-A307-542B35814E0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4651257F-7BFC-41AE-8E37-8C96F822CE58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EECB438D-D5CD-4483-934F-4C814A725A35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14A1CD95-14E1-438A-92FB-A0E47A88C59F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4148303B-133A-4FD2-B546-DD86C5D0E7C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E51EF6BC-4C1C-4F1B-9873-D571BE3788F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"424A3D68-0825-4A2C-BEB1-DC9A212A5E42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:785:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76FF2082-3D69-41D9-AB86-F5E49D2485C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98B2522A-B850-4EC2-B2F2-5EBF36801B39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"706FEB9E-3EE9-405E-A8C9-733DAF68AC6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F1B47E4-C4E3-4D79-9048-EF6A82B8085E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CC29738-CF17-4E6B-9C9E-879B17F7E001\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"127E508F-6CC1-41C8-96DF-8D14FFDD4020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7777AA80-1608-420E-B7D5-09ABECD51728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0539618A-1C4D-463F-B2BB-DD1C239C23EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62828DCD-F80E-4C7C-A988-EFEA06A5223E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9F38585-73AE-4DBB-A978-F0272DF8FB58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D416C064-BB8A-4230-A761-84A93E017F79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72491771-4492-4902-9F0C-CE6A60BAA705\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:785:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC94057A-D02A-4111-BC35-4CD49C68B73B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.\"}, {\"lang\": \"es\", \"value\": \"SAP Internet Communication framework (ICM) - versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, permite a un atacante con la funcionalidad logon, explotar la funci\\u00f3n de autenticaci\\u00f3n mediante el uso de POST y el campo form para repetir las ejecuciones del comando inicial mediante una petici\\u00f3n GET y exponer datos confidenciales. Esta vulnerabilidad es normalmente expuesta a trav\\u00e9s de la red y su explotaci\\u00f3n con \\u00e9xito puede conllevar a una exposici\\u00f3n de datos como detalles del sistema\"}]",
      "id": "CVE-2021-40496",
      "lastModified": "2024-11-21T06:24:15.753",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-10-12T15:15:09.267",
      "references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/3087254\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/3087254\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cna@sap.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-668\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-668\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-40496\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2021-10-12T15:15:09.267\",\"lastModified\":\"2024-11-21T06:24:15.753\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.\"},{\"lang\":\"es\",\"value\":\"SAP Internet Communication framework (ICM) - versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, permite a un atacante con la funcionalidad logon, explotar la funci\u00f3n de autenticaci\u00f3n mediante el uso de POST y el campo form para repetir las ejecuciones del comando inicial mediante una petici\u00f3n GET y exponer datos confidenciales. Esta vulnerabilidad es normalmente expuesta a trav\u00e9s de la red y su explotaci\u00f3n con \u00e9xito puede conllevar a una exposici\u00f3n de datos como detalles del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0DA7CC6-A0F6-4839-965D-C60F691496AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6497854E-9C7B-4DAF-ADC6-F26523BB7D47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFC58754-3A9D-4320-AB4F-385FB72608E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D46B6A9-C9F3-4270-AA6D-9988D6D4E608\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B8A73A5-4526-40E1-A540-0A6C3F93DA05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09A38B6E-03DC-4086-A307-542B35814E0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4651257F-7BFC-41AE-8E37-8C96F822CE58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EECB438D-D5CD-4483-934F-4C814A725A35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14A1CD95-14E1-438A-92FB-A0E47A88C59F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4148303B-133A-4FD2-B546-DD86C5D0E7C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E51EF6BC-4C1C-4F1B-9873-D571BE3788F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"424A3D68-0825-4A2C-BEB1-DC9A212A5E42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:785:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76FF2082-3D69-41D9-AB86-F5E49D2485C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98B2522A-B850-4EC2-B2F2-5EBF36801B39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"706FEB9E-3EE9-405E-A8C9-733DAF68AC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1B47E4-C4E3-4D79-9048-EF6A82B8085E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC29738-CF17-4E6B-9C9E-879B17F7E001\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"127E508F-6CC1-41C8-96DF-8D14FFDD4020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7777AA80-1608-420E-B7D5-09ABECD51728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0539618A-1C4D-463F-B2BB-DD1C239C23EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62828DCD-F80E-4C7C-A988-EFEA06A5223E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9F38585-73AE-4DBB-A978-F0272DF8FB58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D416C064-BB8A-4230-A761-84A93E017F79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72491771-4492-4902-9F0C-CE6A60BAA705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:785:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC94057A-D02A-4111-BC35-4CD49C68B73B\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/3087254\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3087254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.