CVE-2021-40499
CRITICALSAP Cloud Print Manager/SAPSprint <7.70 - Code Injection
Title source: llmDescription
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3100882
Scores
CVSS v3
9.8
EPSS
0.0069
EPSS Percentile
72.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (3)
sap/netweaver_application_server_abap
7.70
sap/netweaver_application_server_abap
7.70_pi
sap/netweaver_application_server_abap
7.70byd
Published
Oct 12, 2021
Tracked Since
Feb 18, 2026