CVE-2021-40496

MEDIUM

SAP ICM - Auth Bypass

Title source: llm

Description

SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.

References (2)

[Permissions Required, Vendor Advisory] https://launchpad.support.sap.com/#/notes/3087254

[Vendor Advisory] https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983

Scores

CVSS v3 4.3

EPSS 0.0042

EPSS Percentile 61.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (28)

sap/netweaver_abap

sap/netweaver_application_server_abap

... and 13 more

Timeline

Published Oct 12, 2021

Tracked Since Feb 18, 2026