4.3
CVE-2021-40496
- EPSS 0.42%
- Published 12.10.2021 15:15:09
- Last modified 21.11.2024 06:24:15
- Source cna@sap.com
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Netweaver Abap Version 700
SAP ≫ Netweaver Abap Version 701
SAP ≫ Netweaver Abap Version 702
SAP ≫ Netweaver Abap Version 730
SAP ≫ Netweaver Abap Version 731
SAP ≫ Netweaver Abap Version 740
SAP ≫ Netweaver Abap Version 750
SAP ≫ Netweaver Abap Version 751
SAP ≫ Netweaver Abap Version 752
SAP ≫ Netweaver Abap Version 753
SAP ≫ Netweaver Abap Version 754
SAP ≫ Netweaver Abap Version 755
SAP ≫ Netweaver Abap Version 756
SAP ≫ Netweaver Abap Version 785
SAP ≫ Netweaver Application Server Abap Version 700
SAP ≫ Netweaver Application Server Abap Version 701
SAP ≫ Netweaver Application Server Abap Version 702
SAP ≫ Netweaver Application Server Abap Version 730
SAP ≫ Netweaver Application Server Abap Version 731
SAP ≫ Netweaver Application Server Abap Version 740
SAP ≫ Netweaver Application Server Abap Version 750
SAP ≫ Netweaver Application Server Abap Version 751
SAP ≫ Netweaver Application Server Abap Version 752
SAP ≫ Netweaver Application Server Abap Version 753
SAP ≫ Netweaver Application Server Abap Version 754
SAP ≫ Netweaver Application Server Abap Version 755
SAP ≫ Netweaver Application Server Abap Version 756
SAP ≫ Netweaver Application Server Abap Version 785
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.42% | 0.588 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.