9.8

CVE-2021-27610

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.

Data is provided by the National Vulnerability Database (NVD)
SAPNetweaver Abap Version700
SAPNetweaver Abap Version701
SAPNetweaver Abap Version702
SAPNetweaver Abap Version731
SAPNetweaver Abap Version740
SAPNetweaver Abap Version750
SAPNetweaver Abap Version751
SAPNetweaver Abap Version752
SAPNetweaver Abap Version753
SAPNetweaver Abap Version754
SAPNetweaver Abap Version755
SAPNetweaver Abap Version804
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.55% 0.654
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
cna@sap.com 9 2.2 6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://launchpad.support.sap.com/#/notes/3007182
Vendor Advisory
Permissions Required