Vulnerability Description
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Business Warehouse | 710 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-PlaExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/May/42ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2986980Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476Vendor Advisory
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-PlaExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/May/42ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2986980Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476Vendor Advisory
FAQ
What is CVE-2021-21465?
CVE-2021-21465 is a vulnerability with a CVSS score of 9.9 (CRITICAL). The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the databa...
How severe is CVE-2021-21465?
CVE-2021-21465 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-21465?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Business Warehouse.