Vulnerability Description
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Application Server Abap | 700 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-PlaExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/May/42ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/3002517Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999Vendor Advisory
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-PlaExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/May/42ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/3002517Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999Vendor Advisory
FAQ
What is CVE-2021-21473?
CVE-2021-21473 is a vulnerability with a CVSS score of 6.3 (MEDIUM). SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorizatio...
How severe is CVE-2021-21473?
CVE-2021-21473 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21473?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Application Server Abap.