Description
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, 75F, allows a highly privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.
References (4)
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3048657
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/May/42
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
Scores
CVSS v3
6.5
EPSS
0.0255
EPSS Percentile
82.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-95
CWE-94
Status
published
Products (17)
sap/netweaver_application_server_abap
75a
sap/netweaver_application_server_abap
75b
sap/netweaver_application_server_abap
75c
sap/netweaver_application_server_abap
75d
sap/netweaver_application_server_abap
75e
sap/netweaver_application_server_abap
75f
sap/netweaver_application_server_abap
700
sap/netweaver_application_server_abap
701
sap/netweaver_application_server_abap
702
sap/netweaver_application_server_abap
710
... and 7 more
Published
Jul 14, 2021
Tracked Since
Feb 18, 2026