CVE-2021-21466 vulnerability in SAP Products

CVE-2021-21466 vulnerability in SAP Products
Published on January 12, 2021

SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby lead to a Denial of Service.

Products Associated with CVE-2021-21466

stack.watch emails you whenever new vulnerabilities are published in SAP Business Warehouse or SAP Bw4hana. Just hit a watch button to start following.

Affected Versions

Version < 700 is affected.

Version < 701 is affected.

Version < 702 is affected.

Version < 711 is affected.

Version < 730 is affected.

Version < 731 is affected.

Version < 740 is affected.

Version < 750 is affected.

Version < 782 is affected.

Version < 100 is affected.

Version < 200 is affected.

Exploit Probability

EPSS

2.52%

Percentile

85.18%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-21466 vulnerability in SAP ProductsPublished on January 12, 2021

Products Associated with CVE-2021-21466

Affected Versions

Exploit Probability

CVE-2021-21466 vulnerability in SAP Products
Published on January 12, 2021