HIGH🇵🇱 Wersja polska

CVE-2021-38176

CVSS 8.8v3.1pub. 2021-09-14upd. 2024-11-21

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Sap Landscape Transformation

    APP
    Sap
    2.0
  • Sap Landscape Transformation Replication Server

    APP
    Sap
    1.02.03.0
  • Sap S\/4hana

    APP
    Sap
    1511161017091809190920202021
  • Sap Test Data Migration Server

    APP
    Sap
    4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2026-0488CRITICAL9.9PL ✓ten sam produkt

SAP CRM / S/4HANA Scripting Editor — nieautoryzowane wykonanie SQL

CVE-2022-22531HIGH8.1ten sam produkt

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does ...

CVE-2022-22530HIGH8.1ten sam produkt

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does ...

CVE-2026-27679MEDIUM6.5ten sam produkt

Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), a...

CVE-2026-34264MEDIUM6.5ten sam produkt

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messa...