CVE-2021-27610
CRITICAL
SAP NetWeaver ABAP Server/ABAP Platform - Info Disclosure
Title source: llm
Description
SAP NetWeaver ABAP Server and ABAP Platform, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, do not create information about internal and external RFC users in a consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3007182
Scores
CVSS v3: 9.8
EPSS: 0.0055
EPSS Percentile: 68.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-287
Status: published
Products (24)
sap/netweaver_abap 700
sap/netweaver_abap 701
sap/netweaver_abap 702
sap/netweaver_abap 731
sap/netweaver_abap 740
sap/netweaver_abap 750
sap/netweaver_abap 751
sap/netweaver_abap 752
sap/netweaver_abap 753
sap/netweaver_abap 754
... and 14 more
Published: Jun 16, 2021
Tracked Since: Feb 18, 2026