CVE-2021-40496
MEDIUMSAP NetWeaver ABAP - Authenticated Data Exposure via ICM Authentication Function
Title source: llmDescription
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3087254
Scores
CVSS v3
4.3
EPSS
0.0042
EPSS Percentile
61.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-668
Status
published
Products (28)
sap/netweaver_abap
700
sap/netweaver_abap
701
sap/netweaver_abap
702
sap/netweaver_abap
730
sap/netweaver_abap
731
sap/netweaver_abap
740
sap/netweaver_abap
750
sap/netweaver_abap
751
sap/netweaver_abap
752
sap/netweaver_abap
753
... and 18 more
Published
Oct 12, 2021
Tracked Since
Feb 18, 2026