CVE-2021-38176 vulnerability in SAP Products
Published on September 14, 2021

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.

NVD

Products Associated with CVE-2021-38176

Want to know whenever a new CVE is published for SAP products? stack.watch will email you.

SAP Landscape Transformation

SAP Landscape Transformation Replication Server

SAP S4hana

SAP Test Data Migration Server

Affected Versions

SAP SE SAP S/4HANA:

Version < 1511 is affected.
Version < 1610 is affected.
Version < 1709 is affected.
Version < 1809 is affected.
Version < 1909 is affected.
Version < 2020 is affected.
Version < 2021 is affected.

SAP SE SAP LT Replication Server:

Version < 2.0 is affected.
Version < 3.0 is affected.

SAP SE SAP LTRS for S/4HANA:

Version < 1.0 is affected.

SAP SE SAP Test Data Migration Server:

Version < 4.0 is affected.

SAP SE SAP Landscape Transformation:

Version < 2.0 is affected.

Exploit Probability

EPSS

0.72%

Percentile

72.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-38176 vulnerability in SAP ProductsPublished on September 14, 2021

Products Associated with CVE-2021-38176

Affected Versions

Exploit Probability

CVE-2021-38176 vulnerability in SAP Products
Published on September 14, 2021