cvelistv5 - cve-2021-40496

CVE-2021-40496 (GCVE-0-2021-40496)

Vulnerability from cvelistv5 – Published: 2021-10-12 14:03 – Updated: 2024-08-04 02:44

Summary

SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.

Severity ?

No CVSS data available.

CWE

CWE-668

Assigner

sap

References

URL

Tags

	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/3087254	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	SAP SE	SAP NetWeaver AS ABAP and ABAP Platform	Affected: < 700 Affected: < 701 Affected: < 702 Affected: < 730 Affected: < 731 Affected: < 740 Affected: < 750 Affected: < 751 Affected: < 752 Affected: < 753 Affected: < 754 Affected: < 755 Affected: < 756 Affected: < 785

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:10.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3087254"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver AS ABAP and ABAP Platform",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 700"
            },
            {
              "status": "affected",
              "version": "\u003c 701"
            },
            {
              "status": "affected",
              "version": "\u003c 702"
            },
            {
              "status": "affected",
              "version": "\u003c 730"
            },
            {
              "status": "affected",
              "version": "\u003c 731"
            },
            {
              "status": "affected",
              "version": "\u003c 740"
            },
            {
              "status": "affected",
              "version": "\u003c 750"
            },
            {
              "status": "affected",
              "version": "\u003c 751"
            },
            {
              "status": "affected",
              "version": "\u003c 752"
            },
            {
              "status": "affected",
              "version": "\u003c 753"
            },
            {
              "status": "affected",
              "version": "\u003c 754"
            },
            {
              "status": "affected",
              "version": "\u003c 755"
            },
            {
              "status": "affected",
              "version": "\u003c 756"
            },
            {
              "status": "affected",
              "version": "\u003c 785"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-12T14:03:51",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3087254"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2021-40496",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "700"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "701"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "702"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "730"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "731"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "740"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "750"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "751"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "752"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "753"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "754"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "755"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "756"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "785"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "null",
            "vectorString": "null",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/3087254",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3087254"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2021-40496",
    "datePublished": "2021-10-12T14:03:51",
    "dateReserved": "2021-09-03T00:00:00",
    "dateUpdated": "2024-08-04T02:44:10.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0DA7CC6-A0F6-4839-965D-C60F691496AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6497854E-9C7B-4DAF-ADC6-F26523BB7D47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFC58754-3A9D-4320-AB4F-385FB72608E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D46B6A9-C9F3-4270-AA6D-9988D6D4E608\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B8A73A5-4526-40E1-A540-0A6C3F93DA05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09A38B6E-03DC-4086-A307-542B35814E0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4651257F-7BFC-41AE-8E37-8C96F822CE58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EECB438D-D5CD-4483-934F-4C814A725A35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14A1CD95-14E1-438A-92FB-A0E47A88C59F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4148303B-133A-4FD2-B546-DD86C5D0E7C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E51EF6BC-4C1C-4F1B-9873-D571BE3788F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"424A3D68-0825-4A2C-BEB1-DC9A212A5E42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_abap:785:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76FF2082-3D69-41D9-AB86-F5E49D2485C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98B2522A-B850-4EC2-B2F2-5EBF36801B39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"706FEB9E-3EE9-405E-A8C9-733DAF68AC6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F1B47E4-C4E3-4D79-9048-EF6A82B8085E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CC29738-CF17-4E6B-9C9E-879B17F7E001\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"127E508F-6CC1-41C8-96DF-8D14FFDD4020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7777AA80-1608-420E-B7D5-09ABECD51728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0539618A-1C4D-463F-B2BB-DD1C239C23EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62828DCD-F80E-4C7C-A988-EFEA06A5223E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9F38585-73AE-4DBB-A978-F0272DF8FB58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D416C064-BB8A-4230-A761-84A93E017F79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72491771-4492-4902-9F0C-CE6A60BAA705\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:785:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC94057A-D02A-4111-BC35-4CD49C68B73B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.\"}, {\"lang\": \"es\", \"value\": \"SAP Internet Communication framework (ICM) - versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, permite a un atacante con la funcionalidad logon, explotar la funci\\u00f3n de autenticaci\\u00f3n mediante el uso de POST y el campo form para repetir las ejecuciones del comando inicial mediante una petici\\u00f3n GET y exponer datos confidenciales. Esta vulnerabilidad es normalmente expuesta a trav\\u00e9s de la red y su explotaci\\u00f3n con \\u00e9xito puede conllevar a una exposici\\u00f3n de datos como detalles del sistema\"}]",
      "id": "CVE-2021-40496",
      "lastModified": "2024-11-21T06:24:15.753",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-10-12T15:15:09.267",
      "references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/3087254\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/3087254\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cna@sap.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-668\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-668\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-40496\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2021-10-12T15:15:09.267\",\"lastModified\":\"2024-11-21T06:24:15.753\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.\"},{\"lang\":\"es\",\"value\":\"SAP Internet Communication framework (ICM) - versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, permite a un atacante con la funcionalidad logon, explotar la funci\u00f3n de autenticaci\u00f3n mediante el uso de POST y el campo form para repetir las ejecuciones del comando inicial mediante una petici\u00f3n GET y exponer datos confidenciales. Esta vulnerabilidad es normalmente expuesta a trav\u00e9s de la red y su explotaci\u00f3n con \u00e9xito puede conllevar a una exposici\u00f3n de datos como detalles del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0DA7CC6-A0F6-4839-965D-C60F691496AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6497854E-9C7B-4DAF-ADC6-F26523BB7D47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFC58754-3A9D-4320-AB4F-385FB72608E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D46B6A9-C9F3-4270-AA6D-9988D6D4E608\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B8A73A5-4526-40E1-A540-0A6C3F93DA05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09A38B6E-03DC-4086-A307-542B35814E0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4651257F-7BFC-41AE-8E37-8C96F822CE58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EECB438D-D5CD-4483-934F-4C814A725A35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14A1CD95-14E1-438A-92FB-A0E47A88C59F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4148303B-133A-4FD2-B546-DD86C5D0E7C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E51EF6BC-4C1C-4F1B-9873-D571BE3788F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"424A3D68-0825-4A2C-BEB1-DC9A212A5E42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_abap:785:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76FF2082-3D69-41D9-AB86-F5E49D2485C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98B2522A-B850-4EC2-B2F2-5EBF36801B39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"706FEB9E-3EE9-405E-A8C9-733DAF68AC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1B47E4-C4E3-4D79-9048-EF6A82B8085E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC29738-CF17-4E6B-9C9E-879B17F7E001\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"127E508F-6CC1-41C8-96DF-8D14FFDD4020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7777AA80-1608-420E-B7D5-09ABECD51728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0539618A-1C4D-463F-B2BB-DD1C239C23EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62828DCD-F80E-4C7C-A988-EFEA06A5223E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9F38585-73AE-4DBB-A978-F0272DF8FB58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D416C064-BB8A-4230-A761-84A93E017F79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72491771-4492-4902-9F0C-CE6A60BAA705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:785:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC94057A-D02A-4111-BC35-4CD49C68B73B\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/3087254\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3087254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-770

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP SuccessFactors Mobile Application (pour les équipements Android), Versions - <2108
SAP	N/A	SAP NetWeaver AS ABAP et ABAP Platform, Versions - 740, 750, 751, 752, 753, 754, 755
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence Platform (Crystal Reports), Versions - 420, 430
SAP	N/A	SAP Business Client, Version – 6.5
SAP	N/A	SAP BusinessObjects Analysis, (édition pour OLAP), Versions - 420, 430
SAP	N/A	SAP Environmental Compliance, Version - 3.0
SAP	NetWeaver Application Server pour ABAP	SAP NetWeaver Application Server pour ABAP (SAP Cloud Print Manager et SAPSprint), Versions - 7.70, 7.70 PI, 7.70BYD
SAP	N/A	SAP Business One, Version - 10.0
SAP	N/A	SAP NetWeaver, Versions - 700, 701, 702, 730
SAP	N/A	SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785
SAP	N/A	SAPUI5, Versions - 750, 753, 754
SAP	N/A	SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756
SAP	N/A	SAP NetWeaver AS ABAP and ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756

References

Title

Publication Time

Tags

Bulletin de sécurité SAP 587169983 du 12 octobre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP SuccessFactors Mobile Application (pour les \u00e9quipements Android), Versions - \u003c2108",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP et ABAP Platform, Versions - 740, 750, 751, 752, 753, 754, 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BusinessObjects Business Intelligence Platform (Crystal Reports), Versions - 420, 430",
      "product": {
        "name": "SAP BusinessObjects Business Intelligence",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Client, Version \u2013 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BusinessObjects Analysis, (\u00e9dition pour OLAP), Versions - 420, 430",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Environmental Compliance, Version - 3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver Application Server pour ABAP (SAP Cloud Print Manager et SAPSprint), Versions - 7.70, 7.70 PI, 7.70BYD",
      "product": {
        "name": "NetWeaver Application Server pour ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business One, Version - 10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver, Versions - 700, 701, 702, 730",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPUI5, Versions - 750, 753, 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP and ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-40498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40498"
    },
    {
      "name": "CVE-2021-38180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38180"
    },
    {
      "name": "CVE-2020-10683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
    },
    {
      "name": "CVE-2021-40500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40500"
    },
    {
      "name": "CVE-2021-38179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38179"
    },
    {
      "name": "CVE-2021-23926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
    },
    {
      "name": "CVE-2021-38183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38183"
    },
    {
      "name": "CVE-2021-38181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38181"
    },
    {
      "name": "CVE-2021-40496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40496"
    },
    {
      "name": "CVE-2021-40497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40497"
    },
    {
      "name": "CVE-2021-40495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40495"
    },
    {
      "name": "CVE-2021-38178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38178"
    },
    {
      "name": "CVE-2021-40499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40499"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-770",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP 587169983 du 12 octobre 2021",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
    }
  ]
}

CERTFR-2021-AVI-770

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP SuccessFactors Mobile Application (pour les équipements Android), Versions - <2108
SAP	N/A	SAP NetWeaver AS ABAP et ABAP Platform, Versions - 740, 750, 751, 752, 753, 754, 755
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence Platform (Crystal Reports), Versions - 420, 430
SAP	N/A	SAP Business Client, Version – 6.5
SAP	N/A	SAP BusinessObjects Analysis, (édition pour OLAP), Versions - 420, 430
SAP	N/A	SAP Environmental Compliance, Version - 3.0
SAP	NetWeaver Application Server pour ABAP	SAP NetWeaver Application Server pour ABAP (SAP Cloud Print Manager et SAPSprint), Versions - 7.70, 7.70 PI, 7.70BYD
SAP	N/A	SAP Business One, Version - 10.0
SAP	N/A	SAP NetWeaver, Versions - 700, 701, 702, 730
SAP	N/A	SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785
SAP	N/A	SAPUI5, Versions - 750, 753, 754
SAP	N/A	SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756
SAP	N/A	SAP NetWeaver AS ABAP and ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756

References

Title

Publication Time

Tags

Bulletin de sécurité SAP 587169983 du 12 octobre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP SuccessFactors Mobile Application (pour les \u00e9quipements Android), Versions - \u003c2108",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP et ABAP Platform, Versions - 740, 750, 751, 752, 753, 754, 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BusinessObjects Business Intelligence Platform (Crystal Reports), Versions - 420, 430",
      "product": {
        "name": "SAP BusinessObjects Business Intelligence",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Client, Version \u2013 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BusinessObjects Analysis, (\u00e9dition pour OLAP), Versions - 420, 430",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Environmental Compliance, Version - 3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver Application Server pour ABAP (SAP Cloud Print Manager et SAPSprint), Versions - 7.70, 7.70 PI, 7.70BYD",
      "product": {
        "name": "NetWeaver Application Server pour ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business One, Version - 10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver, Versions - 700, 701, 702, 730",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPUI5, Versions - 750, 753, 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP and ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-40498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40498"
    },
    {
      "name": "CVE-2021-38180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38180"
    },
    {
      "name": "CVE-2020-10683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
    },
    {
      "name": "CVE-2021-40500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40500"
    },
    {
      "name": "CVE-2021-38179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38179"
    },
    {
      "name": "CVE-2021-23926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
    },
    {
      "name": "CVE-2021-38183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38183"
    },
    {
      "name": "CVE-2021-38181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38181"
    },
    {
      "name": "CVE-2021-40496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40496"
    },
    {
      "name": "CVE-2021-40497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40497"
    },
    {
      "name": "CVE-2021-40495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40495"
    },
    {
      "name": "CVE-2021-38178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38178"
    },
    {
      "name": "CVE-2021-40499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40499"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-770",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP 587169983 du 12 octobre 2021",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
    }
  ]
}

GHSA-CHRV-P5RC-J7C8

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-10-06 00:00

Details

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-40496"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-12T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.",
  "id": "GHSA-chrv-p5rc-j7c8",
  "modified": "2022-10-06T00:00:57Z",
  "published": "2022-05-24T19:17:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40496"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3087254"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-202110-1586

Vulnerability from variot - Updated: 2022-09-23 00:09

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202110-1586",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "731"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "700"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "755"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "756"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "753"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "751"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "750"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "752"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "730"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "754"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "702"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "755"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "740"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "785"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "701"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "756"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "700"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "730"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "751"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "752"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "731"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "753"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "750"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "702"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "754"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "740"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "785"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "701"
      },
      {
        "model": "netweaver as abap",
        "scope": null,
        "trust": 0.8,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver abap",
        "scope": null,
        "trust": 0.8,
        "vendor": "sap",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013646"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40496"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:785:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:700:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:701:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:702:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:730:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:731:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:740:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:751:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:752:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:753:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:754:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:755:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:756:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:785:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-40496"
      }
    ]
  },
  "cve": "CVE-2021-40496",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-40496",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.9,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-40496",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2021-40496",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-40496",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202110-779",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-40496",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-40496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013646"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-779"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40496"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details. SAP Internet Communication framework Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-40496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013646"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-40496"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-40496",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013646",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-779",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-40496",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-40496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013646"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-779"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40496"
      }
    ]
  },
  "id": "VAR-202110-1586",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.094017096
  },
  "last_update_date": "2022-09-23T00:09:47.530000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top\u00a0Page",
        "trust": 0.8,
        "url": "https://www.sap.com/index.html"
      },
      {
        "title": "Sap Internet Communication Framework Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=166533"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013646"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-779"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-668",
        "trust": 1.0
      },
      {
        "problemtype": "Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013646"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40496"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=587169983"
      },
      {
        "trust": 1.7,
        "url": "https://launchpad.support.sap.com/#/notes/3087254"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40496"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-october-2021-36632"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/668.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-40496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013646"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-779"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40496"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-40496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013646"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-779"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-40496"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-40496"
      },
      {
        "date": "2022-09-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013646"
      },
      {
        "date": "2021-10-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-779"
      },
      {
        "date": "2021-10-12T15:15:00",
        "db": "NVD",
        "id": "CVE-2021-40496"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-40496"
      },
      {
        "date": "2022-09-20T06:11:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013646"
      },
      {
        "date": "2021-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-779"
      },
      {
        "date": "2021-11-28T23:37:00",
        "db": "NVD",
        "id": "CVE-2021-40496"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-779"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP\u00a0Internet\u00a0Communication\u00a0framework\u00a0 Vulnerability in leaking resources to the wrong area in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013646"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-779"
      }
    ],
    "trust": 0.6
  }
}

GSD-2021-40496

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-40496

Aliases

CVE-2021-40496

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-40496",
    "description": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.",
    "id": "GSD-2021-40496"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-40496"
      ],
      "details": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.",
      "id": "GSD-2021-40496",
      "modified": "2023-12-13T01:23:25.515743Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2021-40496",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "700"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "701"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "702"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "730"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "731"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "740"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "750"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "751"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "752"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "753"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "754"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "755"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "756"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "785"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "null",
          "vectorString": "null",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-668"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983",
            "refsource": "MISC",
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/3087254",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/3087254"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:785:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:785:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2021-40496"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/3087254",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3087254"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2022-10-06T15:20Z",
      "publishedDate": "2021-10-12T15:15Z"
    }
  }
}

FKIE_CVE-2021-40496

Vulnerability from fkie_nvd - Published: 2021-10-12 15:15 - Updated: 2024-11-21 06:24

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
cna@sap.com	https://launchpad.support.sap.com/#/notes/3087254	Permissions Required, Vendor Advisory
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/3087254	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	netweaver_abap	700
sap	netweaver_abap	701
sap	netweaver_abap	702
sap	netweaver_abap	730
sap	netweaver_abap	731
sap	netweaver_abap	740
sap	netweaver_abap	750
sap	netweaver_abap	751
sap	netweaver_abap	752
sap	netweaver_abap	753
sap	netweaver_abap	754
sap	netweaver_abap	755
sap	netweaver_abap	756
sap	netweaver_abap	785
sap	netweaver_application_server_abap	700
sap	netweaver_application_server_abap	701
sap	netweaver_application_server_abap	702
sap	netweaver_application_server_abap	730
sap	netweaver_application_server_abap	731
sap	netweaver_application_server_abap	740
sap	netweaver_application_server_abap	750
sap	netweaver_application_server_abap	751
sap	netweaver_application_server_abap	752
sap	netweaver_application_server_abap	753
sap	netweaver_application_server_abap	754
sap	netweaver_application_server_abap	755
sap	netweaver_application_server_abap	756
sap	netweaver_application_server_abap	785

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DA7CC6-A0F6-4839-965D-C60F691496AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*",
              "matchCriteriaId": "6497854E-9C7B-4DAF-ADC6-F26523BB7D47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFC58754-3A9D-4320-AB4F-385FB72608E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D46B6A9-C9F3-4270-AA6D-9988D6D4E608",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8A73A5-4526-40E1-A540-0A6C3F93DA05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
              "matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
              "matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
              "matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
              "matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
              "matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
              "matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_abap:785:*:*:*:*:*:*:*",
              "matchCriteriaId": "76FF2082-3D69-41D9-AB86-F5E49D2485C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
              "matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
              "matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
              "matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
              "matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
              "matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
              "matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
              "matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*",
              "matchCriteriaId": "72491771-4492-4902-9F0C-CE6A60BAA705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:785:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC94057A-D02A-4111-BC35-4CD49C68B73B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."
    },
    {
      "lang": "es",
      "value": "SAP Internet Communication framework (ICM) - versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, permite a un atacante con la funcionalidad logon, explotar la funci\u00f3n de autenticaci\u00f3n mediante el uso de POST y el campo form para repetir las ejecuciones del comando inicial mediante una petici\u00f3n GET y exponer datos confidenciales. Esta vulnerabilidad es normalmente expuesta a trav\u00e9s de la red y su explotaci\u00f3n con \u00e9xito puede conllevar a una exposici\u00f3n de datos como detalles del sistema"
    }
  ],
  "id": "CVE-2021-40496",
  "lastModified": "2024-11-21T06:24:15.753",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-12T15:15:09.267",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3087254"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3087254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-40496 (GCVE-0-2021-40496)

CERTFR-2021-AVI-770

Solution

CERTFR-2021-AVI-770

Solution

GHSA-CHRV-P5RC-J7C8

VAR-202110-1586

GSD-2021-40496

FKIE_CVE-2021-40496

Tags

Sightings

Nomenclature