Sign-up

ID

VAR-202110-0794


CVE

CVE-2021-38178


TITLE

SAP NetWeaver AS ABAP  and  ABAP Platform  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013707

DESCRIPTION

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data. SAP NetWeaver AS ABAP and ABAP Platform Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-38178 // JVNDB: JVNDB-2021-013707 // VULMON: CVE-2021-38178

AFFECTED PRODUCTS

vendor:sapmodel:netweaver as abapscope:eqversion:731

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:700

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:740

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:755

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:756

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:753

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:751

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:750

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:752

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:730

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:754

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:702

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:755

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:710

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:740

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:701

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:756

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:700

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:730

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:751

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:752

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:731

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:753

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:750

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:702

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:754

Trust: 1.0

vendor:sapmodel:netweaver abapscope:eqversion:710

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:701

Trust: 1.0

vendor:sapmodel:netweaver as abapscope: - version: -

Trust: 0.8

vendor:sapmodel:netweaver abapscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013707 // NVD: CVE-2021-38178

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-38178
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202110-790
value: HIGH

Trust: 0.6

VULMON: CVE-2021-38178
value: MEDIUM

Trust: 0.1

NVD: CVE-2021-38178
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.9

NVD: CVE-2021-38178
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-38178
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-38178 // JVNDB: JVNDB-2021-013707 // CNNVD: CNNVD-202110-790 // NVD: CVE-2021-38178

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013707 // NVD: CVE-2021-38178

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-790

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-790

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-38178

PATCH
title:Top Pageurl:https://www.sap.com/index.html
Trust: 0.8
title:SAP NetWeaver AS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=166539
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2021-013707 // 
            
            
            
            CNNVD: CNNVD-202110-790

EXTERNAL IDS
db:NVDid:CVE-2021-38178
Trust: 3.3
db:JVNDBid:JVNDB-2021-013707
Trust: 0.8
db:CNNVDid:CNNVD-202110-790
Trust: 0.6
db:VULMONid:CVE-2021-38178
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-38178 // 
            
            
            
            JVNDB: JVNDB-2021-013707 // 
            
            
            
            CNNVD: CNNVD-202110-790 // 
            
            
            
            NVD: CVE-2021-38178

REFERENCES
url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=587169983
Trust: 1.7
url:https://launchpad.support.sap.com/#/notes/3097887
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2021-38178
Trust: 1.4
url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-october-2021-36632
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/863.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-38178 // 
            
            
            
            JVNDB: JVNDB-2021-013707 // 
            
            
            
            CNNVD: CNNVD-202110-790 // 
            
            
            
            NVD: CVE-2021-38178

SOURCES
db:VULMONid:CVE-2021-38178
db:JVNDBid:JVNDB-2021-013707
db:CNNVDid:CNNVD-202110-790
db:NVDid:CVE-2021-38178

LAST UPDATE DATE
2022-09-28T22:28:06.894000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-38178date:2021-10-19T00:00:00
db:JVNDBid:JVNDB-2021-013707date:2022-09-26T09:06:00
db:CNNVDid:CNNVD-202110-790date:2022-07-14T00:00:00
db:NVDid:CVE-2021-38178date:2021-10-19T00:50:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-38178date:2021-10-12T00:00:00
db:JVNDBid:JVNDB-2021-013707date:2022-09-26T00:00:00
db:CNNVDid:CNNVD-202110-790date:2021-10-12T00:00:00
db:NVDid:CVE-2021-38178date:2021-10-12T15:15:00