CVE-2021-44231
CRITICALSAP ABAP Platform - Code Injection via Text Extraction Reports
Title source: llmDescription
Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3119365
Scores
CVSS v3
9.8
EPSS
0.0073
EPSS Percentile
72.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (20)
sap/abap_platform
701
sap/abap_platform
740
sap/abap_platform
750
sap/abap_platform
751
sap/abap_platform
752
sap/abap_platform
753
sap/abap_platform
754
sap/abap_platform
755
sap/abap_platform
756
sap/abap_platform
804
... and 10 more
Published
Dec 14, 2021
Tracked Since
Feb 18, 2026