Description
SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3046610
Scores
CVSS v3
6.7
EPSS
0.0011
EPSS Percentile
29.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (5)
sap/netweaver_application_server_abap
700
sap/netweaver_application_server_abap
701
sap/netweaver_application_server_abap
702
sap/netweaver_application_server_abap
730
sap/netweaver_application_server_abap
731
Published
May 11, 2021
Tracked Since
Feb 18, 2026