{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T12:51:59.629","vulnerabilities":[{"cve":{"id":"CVE-2021-40496","sourceIdentifier":"cna@sap.com","published":"2021-10-12T15:15:09.267","lastModified":"2024-11-21T06:24:15.753","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."},{"lang":"es","value":"SAP Internet Communication framework (ICM) - versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, permite a un atacante con la funcionalidad logon, explotar la función de autenticación mediante el uso de POST y el campo form para repetir las ejecuciones del comando inicial mediante una petición GET y exponer datos confidenciales. Esta vulnerabilidad es normalmente expuesta a través de la red y su explotación con éxito puede conllevar a una exposición de datos como detalles del sistema"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-668"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-668"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*","matchCriteriaId":"E0DA7CC6-A0F6-4839-965D-C60F691496AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*","matchCriteriaId":"6497854E-9C7B-4DAF-ADC6-F26523BB7D47"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*","matchCriteriaId":"FFC58754-3A9D-4320-AB4F-385FB72608E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*","matchCriteriaId":"6D46B6A9-C9F3-4270-AA6D-9988D6D4E608"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*","matchCriteriaId":"5B8A73A5-4526-40E1-A540-0A6C3F93DA05"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*","matchCriteriaId":"09A38B6E-03DC-4086-A307-542B35814E0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*","matchCriteriaId":"4651257F-7BFC-41AE-8E37-8C96F822CE58"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*","matchCriteriaId":"EECB438D-D5CD-4483-934F-4C814A725A35"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*","matchCriteriaId":"14A1CD95-14E1-438A-92FB-A0E47A88C59F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*","matchCriteriaId":"4148303B-133A-4FD2-B546-DD86C5D0E7C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*","matchCriteriaId":"E51EF6BC-4C1C-4F1B-9873-D571BE3788F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*","matchCriteriaId":"424A3D68-0825-4A2C-BEB1-DC9A212A5E42"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*","matchCriteriaId":"5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_abap:785:*:*:*:*:*:*:*","matchCriteriaId":"76FF2082-3D69-41D9-AB86-F5E49D2485C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*","matchCriteriaId":"C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*","matchCriteriaId":"98B2522A-B850-4EC2-B2F2-5EBF36801B39"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*","matchCriteriaId":"706FEB9E-3EE9-405E-A8C9-733DAF68AC6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*","matchCriteriaId":"2F1B47E4-C4E3-4D79-9048-EF6A82B8085E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*","matchCriteriaId":"5CC29738-CF17-4E6B-9C9E-879B17F7E001"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*","matchCriteriaId":"127E508F-6CC1-41C8-96DF-8D14FFDD4020"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*","matchCriteriaId":"7777AA80-1608-420E-B7D5-09ABECD51728"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*","matchCriteriaId":"0539618A-1C4D-463F-B2BB-DD1C239C23EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*","matchCriteriaId":"62828DCD-F80E-4C7C-A988-EFEA06A5223E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*","matchCriteriaId":"D9F38585-73AE-4DBB-A978-F0272DF8FB58"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*","matchCriteriaId":"D416C064-BB8A-4230-A761-84A93E017F79"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*","matchCriteriaId":"6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*","matchCriteriaId":"72491771-4492-4902-9F0C-CE6A60BAA705"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:785:*:*:*:*:*:*:*","matchCriteriaId":"EC94057A-D02A-4111-BC35-4CD49C68B73B"}]}]}],"references":[{"url":"https://launchpad.support.sap.com/#/notes/3087254","source":"cna@sap.com","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/3087254","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}