CVE-2021-40496 vulnerability in SAP Products
Published on October 12, 2021
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.
Weakness Type
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Products Associated with CVE-2021-40496
Want to know whenever a new CVE is published for SAP products? stack.watch will email you.
Affected Versions
SAP SE SAP NetWeaver AS ABAP and ABAP Platform:- Version < 700 is affected.
- Version < 701 is affected.
- Version < 702 is affected.
- Version < 730 is affected.
- Version < 731 is affected.
- Version < 740 is affected.
- Version < 750 is affected.
- Version < 751 is affected.
- Version < 752 is affected.
- Version < 753 is affected.
- Version < 754 is affected.
- Version < 755 is affected.
- Version < 756 is affected.
- Version < 785 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.