CVE-2021-33701 vulnerability in SAP Products
Published on September 15, 2021
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2021-33701 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2021-33701
Want to know whenever a new CVE is published for SAP products? stack.watch will email you.
Affected Versions
SAP SE DMIS Mobile Plug-In:- Version < DMIS 2011_1_620 is affected.
- Version < 2011_1_640 is affected.
- Version < 2011_1_700 is affected.
- Version < 2011_1_710 is affected.
- Version < 2011_1_730 is affected.
- Version < 710 is affected.
- Version < 2011_1_731 is affected.
- Version < 2011_1_752 is affected.
- Version < 2020 is affected.
- Version < SAPSCORE 125 is affected.
- Version < S4CORE 102 is affected.
- Version < 102 is affected.
- Version < 103 is affected.
- Version < 104 is affected.
- Version < 105 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.