Home

CVE-2021-44235

Description

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system.

Risk Information

Base Score
6.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.12

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 731Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 740Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAPWindows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 751Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 752Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 753Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 754Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 755Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 700Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 710Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 730Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 711Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAPWindows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 702Windows
Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 756Windows
Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 710Windows
Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 711Windows
Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 730Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234