CVE-2021-40499 - OpenCVE

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Netweaver Application Server Abap

Configuration 1 [-]

OR	cpe:2.3:a:sap:netweaver_application_server_abap:7.70:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:7.70_pi:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:7.70byd:::::::*

No data.

References

Link	Providers
https://launchpad.support.sap.com/#/notes/3100882
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2021-10-12T14:04:00

Updated: 2024-08-04T02:44:10.842Z

Reserved: 2021-09-03T00:00:00

Link: CVE-2021-40499

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-12T15:15:09.637

Modified: 2021-10-18T18:37:04.680

Link: CVE-2021-40499

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 7.70"}, {"status": "affected", "version": "< 7.70 PI"}, {"status": "affected", "version": "< 7.70BYD"}]}], "descriptions": [{"lang": "en", "value": "Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application."}], "problemTypes": [{"descriptions": [{"description": "Code Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-12T14:04:00", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/3100882"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2021-40499", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver Application Server for ABAP (SAP Cloud Print Manager and SAPSprint)", "version": {"version_data": [{"version_name": "<", "version_value": "7.70"}, {"version_name": "<", "version_value": "7.70 PI"}, {"version_name": "<", "version_value": "7.70BYD"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application."}]}, "impact": {"cvss": {"baseScore": "null", "vectorString": "null", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Code Injection"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"}, {"name": "https://launchpad.support.sap.com/#/notes/3100882", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3100882"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:44:10.842Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/3100882"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-40499", "datePublished": "2021-10-12T14:04:00", "dateReserved": "2021-09-03T00:00:00", "dateUpdated": "2024-08-04T02:44:10.842Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.70:*:*:*:*:*:*:*", "matchCriteriaId": "1506470D-41D9-44F8-AA3A-FA4971640FA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.70_pi:*:*:*:*:*:*:*", "matchCriteriaId": "981B6677-8B4E-4683-B68D-446A58185298", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.70byd:*:*:*:*:*:*:*", "matchCriteriaId": "EAC4702C-896D-401E-AFF0-F96FFC94EBEC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application."}, {"lang": "es", "value": "Los servicios de impresi\u00f3n del lado del cliente SAP Cloud Print Manager y SAPSprint para SAP NetWeaver Application Server for ABAP - versiones 7.70, 7.70 PI, 7.70 BYD, permiten a un atacante inyectar c\u00f3digo que puede ser ejecutado por la aplicaci\u00f3n. Un atacante podr\u00eda as\u00ed controlar el comportamiento de la aplicaci\u00f3n"}], "id": "CVE-2021-40499", "lastModified": "2021-10-18T18:37:04.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-12T15:15:09.637", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/3100882"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}