Unrated severity · NVD Advisory · Published Sep 14, 2021 · Updated Aug 4, 2024
CVE-2021-38176
Description
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call the NZDT function modules listed in the Solution section to execute a manipulated query or inject ABAP code to gain access to the backend database. On successful exploitation, the threat actor could completely compromise the confidentiality, integrity, and availability of the system.
Affected products (6)
- SAP SE/SAP Landscape Transformation · v5 · Range: < 2.0
- SAP SE/SAP LT Replication Server · v5 · Range: < 2.0
- SAP SE/SAP LTRS for S/4HANA · v5 · Range: < 1.0
- SAP SE/SAP S/4HANA · v5 · Range: < 1511
- SAP SE/SAP Test Data Migration Server · v5 · Range: < 4.0
References (2)
- launchpad.support.sap.com (mitre, x_refsource_MISC)
- wiki.scn.sap.com/wiki/pages/viewpage.action (mitre, x_refsource_MISC)