{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T06:44:20.866","vulnerabilities":[{"cve":{"id":"CVE-2021-33678","sourceIdentifier":"cna@sap.com","published":"2021-07-14T12:15:08.377","lastModified":"2024-11-21T06:09:20.760","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable."},{"lang":"es","value":"Un módulo de funciones de SAP NetWeaver AS ABAP (Reconciliation Framework), versiones - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, 75F, permite a un atacante con altos privilegios inyectar código que puede ser ejecutado por la aplicación. De este modo, un atacante podría eliminar información crítica y hacer que el sistema SAP no esté disponible completamente"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}],"cvssMetricV30":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:C","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":7.8,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-95"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:75a:*:*:*:*:*:*:*","matchCriteriaId":"BF4998F3-74DB-4E8C-BBEA-DFE0246D9C49"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:75b:*:*:*:*:*:*:*","matchCriteriaId":"2C81F522-B48C-4FF1-BABF-1BD32D6E950F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:75c:*:*:*:*:*:*:*","matchCriteriaId":"D40BB558-1858-4EE4-8569-94C210AAC5DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:75d:*:*:*:*:*:*:*","matchCriteriaId":"51091237-042F-4056-8A49-178CDB486AF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:75e:*:*:*:*:*:*:*","matchCriteriaId":"FD164F9E-A9FA-4DCD-82EC-2C6C79F4D79D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:75f:*:*:*:*:*:*:*","matchCriteriaId":"5177A906-AEBD-47B7-A793-B74C88038C2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*","matchCriteriaId":"C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*","matchCriteriaId":"98B2522A-B850-4EC2-B2F2-5EBF36801B39"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*","matchCriteriaId":"706FEB9E-3EE9-405E-A8C9-733DAF68AC6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*","matchCriteriaId":"9B5BF1EC-C2A6-486B-8E63-0A7ED431C1F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*","matchCriteriaId":"17847B21-8BE6-4359-913B-B6592D37C655"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*","matchCriteriaId":"2F1B47E4-C4E3-4D79-9048-EF6A82B8085E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*","matchCriteriaId":"5CC29738-CF17-4E6B-9C9E-879B17F7E001"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*","matchCriteriaId":"127E508F-6CC1-41C8-96DF-8D14FFDD4020"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*","matchCriteriaId":"7777AA80-1608-420E-B7D5-09ABECD51728"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*","matchCriteriaId":"0539618A-1C4D-463F-B2BB-DD1C239C23EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*","matchCriteriaId":"62828DCD-F80E-4C7C-A988-EFEA06A5223E"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html","source":"cna@sap.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2022/May/42","source":"cna@sap.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/3048657","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2022/May/42","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/3048657","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}