VYPR
Unrated severityNVD Advisory· Published Sep 14, 2021· Updated Aug 4, 2024

CVE-2021-38176

CVE-2021-38176

Description

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.

Affected products

6
  • SAP/NZDTllm-create
  • SAP SE/SAP Landscape Transformationv5
    Range: < 2.0
  • SAP SE/SAP LT Replication Serverv5
    Range: < 2.0
  • SAP SE/SAP LTRS for S/4HANAv5
    Range: < 1.0
  • SAP SE/SAP S/4HANAv5
    Range: < 1511
  • SAP SE/SAP Test Data Migration Serverv5
    Range: < 4.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.