CVE-2021-21465 is a vulnerability in SAP Business Warehouse
Published on January 12, 2021
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.
Products Associated with CVE-2021-21465
Want to know whenever a new CVE is published for SAP Business Warehouse? stack.watch will email you.
Affected Versions
SAP SE SAP Business Warehouse:- Version < 710 is affected.
- Version < 711 is affected.
- Version < 730 is affected.
- Version < 731 is affected.
- Version < 740 is affected.
- Version < 750 is affected.
- Version < 751 is affected.
- Version < 752 is affected.
- Version < 753 is affected.
- Version < 754 is affected.
- Version < 755 is affected.
- Version < 782 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.