CVE-2021-33678 vulnerability in SAP Products
Published on July 14, 2021
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.
Weakness Type
What is an Eval Injection Vulnerability?
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). This may allow an attacker to execute arbitrary code, or at least modify what code can be executed.
CVE-2021-33678 has been classified to as an Eval Injection vulnerability or weakness.
Products Associated with CVE-2021-33678
stack.watch emails you whenever new vulnerabilities are published in SAP Netweaver As Abap or SAP Netweaver Application Server Abap. Just hit a watch button to start following.
Affected Versions
SAP SE SAP NetWeaver AS ABAP (Reconciliation Framework):- Version < 700 is affected.
- Version < 701 is affected.
- Version < 702 is affected.
- Version < 710 is affected.
- Version < 711 is affected.
- Version < 730 is affected.
- Version < 731 is affected.
- Version < 740 is affected.
- Version < 750 is affected.
- Version < 751 is affected.
- Version < 752 is affected.
- Version < 75A is affected.
- Version < 75B is affected.
- Version < 75C is affected.
- Version < 75D is affected.
- Version < 75E is affected.
- Version < 75F is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.