Vulnerability Details : CVE-2021-33701
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.
Vulnerability category: Sql Injection
Products affected by CVE-2021-33701
- cpe:2.3:a:sap:sapscore:125:*:*:*:*:*:*:*
- cpe:2.3:a:sap:s4core:102:*:*:*:*:*:*:*
- cpe:2.3:a:sap:s4core:103:*:*:*:*:*:*:*
- cpe:2.3:a:sap:s4core:104:*:*:*:*:*:*:*
- cpe:2.3:a:sap:s4core:105:*:*:*:*:*:*:*
- cpe:2.3:a:sap:dmis:710:*:*:*:*:*:*:*
- cpe:2.3:a:sap:dmis:2011_1_620:*:*:*:*:*:*:*
- cpe:2.3:a:sap:dmis:2011_1_640:*:*:*:*:*:*:*
- cpe:2.3:a:sap:dmis:2011_1_700:*:*:*:*:*:*:*
- cpe:2.3:a:sap:dmis:2011_1_710:*:*:*:*:*:*:*
- cpe:2.3:a:sap:dmis:2011_1_730:*:*:*:*:*:*:*
- cpe:2.3:a:sap:dmis:2011_1_731:*:*:*:*:*:*:*
- cpe:2.3:a:sap:dmis:2011_1_752:*:*:*:*:*:*:*
- cpe:2.3:a:sap:dmis:2020125:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-33701
0.94%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-33701
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
9.1
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
2.3
|
6.0
|
SAP SE | |
9.1
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
2.3
|
6.0
|
NIST |
CWE ids for CVE-2021-33701
-
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.Assigned by:
- cna@sap.com (Primary)
- nvd@nist.gov (Secondary)
References for CVE-2021-33701
-
http://seclists.org/fulldisclosure/2021/Dec/36
Full Disclosure: SEC Consult SA-20211214-1 :: Remote ABAP Code Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIGExploit;Mailing List;Third Party Advisory
-
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community WikiVendor Advisory
-
https://launchpad.support.sap.com/#/notes/3078312
SAP ONE Support Launchpad: Log OnPermissions Required;VDB Entry;Vendor Advisory
-
http://seclists.org/fulldisclosure/2021/Dec/35
Full Disclosure: SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIGExploit;Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.html
SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html
SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG SQL Injection ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to