CVE-2021-40496

Published Oct 12, 2021

Last updated 2 years ago

CVSS medium 4.3

Overview

Description: SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

cna@sap.com: CWE-668
nvd@nist.gov: CWE-668

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0DA7CC6-A0F6-4839-965D-C60F691496AD"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6497854E-9C7B-4DAF-ADC6-F26523BB7D47"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFC58754-3A9D-4320-AB4F-385FB72608E7"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D46B6A9-C9F3-4270-AA6D-9988D6D4E608"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B8A73A5-4526-40E1-A540-0A6C3F93DA05"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:785:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76FF2082-3D69-41D9-AB86-F5E49D2485C9"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72491771-4492-4902-9F0C-CE6A60BAA705"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:785:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC94057A-D02A-4111-BC35-4CD49C68B73B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References