Description
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.
References (4)
Scores
CVSS v3
6.5
EPSS
0.0216
EPSS Percentile
84.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-95
CWE-94
Status
published
Products (17)
sap/netweaver_application_server_abap
75a
sap/netweaver_application_server_abap
75b
sap/netweaver_application_server_abap
75c
sap/netweaver_application_server_abap
75d
sap/netweaver_application_server_abap
75e
sap/netweaver_application_server_abap
75f
sap/netweaver_application_server_abap
700
sap/netweaver_application_server_abap
701
sap/netweaver_application_server_abap
702
sap/netweaver_application_server_abap
710
... and 7 more
Published
Jul 14, 2021
Tracked Since
Feb 18, 2026