mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
241 lines
8.4 KiB
JSON
241 lines
8.4 KiB
JSON
{
|
|
"id": "CVE-2021-33678",
|
|
"sourceIdentifier": "cna@sap.com",
|
|
"published": "2021-07-14T12:15:08.377",
|
|
"lastModified": "2022-10-05T14:16:09.207",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Un m\u00f3dulo de funciones de SAP NetWeaver AS ABAP (Reconciliation Framework), versiones - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, 75F, permite a un atacante con altos privilegios inyectar c\u00f3digo que puede ser ejecutado por la aplicaci\u00f3n. De este modo, un atacante podr\u00eda eliminar informaci\u00f3n cr\u00edtica y hacer que el sistema SAP no est\u00e9 disponible completamente"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.2,
|
|
"impactScore": 5.2
|
|
}
|
|
],
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "cna@sap.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.2,
|
|
"impactScore": 5.2
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:C",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 7.8,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "cna@sap.com",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-95"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-94"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:75a:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BF4998F3-74DB-4E8C-BBEA-DFE0246D9C49"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:75b:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2C81F522-B48C-4FF1-BABF-1BD32D6E950F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:75c:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D40BB558-1858-4EE4-8569-94C210AAC5DE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:75d:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "51091237-042F-4056-8A49-178CDB486AF3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:75e:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FD164F9E-A9FA-4DCD-82EC-2C6C79F4D79D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:75f:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5177A906-AEBD-47B7-A793-B74C88038C2E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9B5BF1EC-C2A6-486B-8E63-0A7ED431C1F0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "17847B21-8BE6-4359-913B-B6592D37C655"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html",
|
|
"source": "cna@sap.com",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2022/May/42",
|
|
"source": "cna@sap.com",
|
|
"tags": [
|
|
"Exploit",
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://launchpad.support.sap.com/#/notes/3048657",
|
|
"source": "cna@sap.com",
|
|
"tags": [
|
|
"Permissions Required"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
|
|
"source": "cna@sap.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |