{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver AS ABAP and ABAP Platform", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 700"}, {"status": "affected", "version": "< 701"}, {"status": "affected", "version": "< 702"}, {"status": "affected", "version": "< 730"}, {"status": "affected", "version": "< 731"}, {"status": "affected", "version": "< 740"}, {"status": "affected", "version": "< 750"}, {"status": "affected", "version": "< 751"}, {"status": "affected", "version": "< 752"}, {"status": "affected", "version": "< 753"}, {"status": "affected", "version": "< 754"}, {"status": "affected", "version": "< 755"}, {"status": "affected", "version": "< 756"}, {"status": "affected", "version": "< 785"}]}], "descriptions": [{"lang": "en", "value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "CWE-668", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-12T14:03:51", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/3087254"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2021-40496", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver AS ABAP and ABAP Platform", "version": {"version_data": [{"version_name": "<", "version_value": "700"}, {"version_name": "<", "version_value": "701"}, {"version_name": "<", "version_value": "702"}, {"version_name": "<", "version_value": "730"}, {"version_name": "<", "version_value": "731"}, {"version_name": "<", "version_value": "740"}, {"version_name": "<", "version_value": "750"}, {"version_name": "<", "version_value": "751"}, {"version_name": "<", "version_value": "752"}, {"version_name": "<", "version_value": "753"}, {"version_name": "<", "version_value": "754"}, {"version_name": "<", "version_value": "755"}, {"version_name": "<", "version_value": "756"}, {"version_name": "<", "version_value": "785"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."}]}, "impact": {"cvss": {"baseScore": "null", "vectorString": "null", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-668"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"}, {"name": "https://launchpad.support.sap.com/#/notes/3087254", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3087254"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:44:10.795Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/3087254"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-40496", "datePublished": "2021-10-12T14:03:51", "dateReserved": "2021-09-03T00:00:00", "dateUpdated": "2024-08-04T02:44:10.795Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*", "matchCriteriaId": "E0DA7CC6-A0F6-4839-965D-C60F691496AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*", "matchCriteriaId": "6497854E-9C7B-4DAF-ADC6-F26523BB7D47", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*", "matchCriteriaId": "FFC58754-3A9D-4320-AB4F-385FB72608E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*", "matchCriteriaId": "6D46B6A9-C9F3-4270-AA6D-9988D6D4E608", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*", "matchCriteriaId": "5B8A73A5-4526-40E1-A540-0A6C3F93DA05", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*", "matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*", "matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*", "matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*", "matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*", "matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*", "matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*", "matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*", "matchCriteriaId": "5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:785:*:*:*:*:*:*:*", "matchCriteriaId": "76FF2082-3D69-41D9-AB86-F5E49D2485C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*", "matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*", "matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*", "matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*", "matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*", "matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*", "matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*", "matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*", "matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*", "matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*", "matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*", "matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*", "matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*", "matchCriteriaId": "72491771-4492-4902-9F0C-CE6A60BAA705", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:785:*:*:*:*:*:*:*", "matchCriteriaId": "EC94057A-D02A-4111-BC35-4CD49C68B73B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."}, {"lang": "es", "value": "SAP Internet Communication framework (ICM) - versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, permite a un atacante con la funcionalidad logon, explotar la funci\u00f3n de autenticaci\u00f3n mediante el uso de POST y el campo form para repetir las ejecuciones del comando inicial mediante una petici\u00f3n GET y exponer datos confidenciales. Esta vulnerabilidad es normalmente expuesta a trav\u00e9s de la red y su explotaci\u00f3n con \u00e9xito puede conllevar a una exposici\u00f3n de datos como detalles del sistema"}], "id": "CVE-2021-40496", "lastModified": "2024-11-21T06:24:15.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-12T15:15:09.267", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3087254"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3087254"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "cna@sap.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}