{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver AS ABAP", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 700"}, {"status": "affected", "version": "< 701"}, {"status": "affected", "version": "< 702"}, {"status": "affected", "version": "< 710"}, {"status": "affected", "version": "< 711"}, {"status": "affected", "version": "< 730"}, {"status": "affected", "version": "< 731"}, {"status": "affected", "version": "< 740"}, {"status": "affected", "version": "< 750"}, {"status": "affected", "version": "< 751"}, {"status": "affected", "version": "< 752"}, {"status": "affected", "version": "< 753"}, {"status": "affected", "version": "< 754"}, {"status": "affected", "version": "< 755"}, {"status": "affected", "version": "< 756"}]}], "descriptions": [{"lang": "en", "value": "Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system."}], "problemTypes": [{"descriptions": [{"description": "Code Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-14T15:44:09.000Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/3123196"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2021-44235", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver AS ABAP", "version": {"version_data": [{"version_name": "<", "version_value": "700"}, {"version_name": "<", "version_value": "701"}, {"version_name": "<", "version_value": "702"}, {"version_name": "<", "version_value": "710"}, {"version_name": "<", "version_value": "711"}, {"version_name": "<", "version_value": "730"}, {"version_name": "<", "version_value": "731"}, {"version_name": "<", "version_value": "740"}, {"version_name": "<", "version_value": "750"}, {"version_name": "<", "version_value": "751"}, {"version_name": "<", "version_value": "752"}, {"version_name": "<", "version_value": "753"}, {"version_name": "<", "version_value": "754"}, {"version_name": "<", "version_value": "755"}, {"version_name": "<", "version_value": "756"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system."}]}, "impact": {"cvss": {"baseScore": "null", "vectorString": "null", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Code Injection"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"}, {"name": "https://launchpad.support.sap.com/#/notes/3123196", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3123196"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:17:24.558Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/3123196"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-44235", "datePublished": "2021-12-14T15:44:09.000Z", "dateReserved": "2021-11-26T00:00:00.000Z", "dateUpdated": "2024-08-04T04:17:24.558Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*", "matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*", "matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*", "matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*", "matchCriteriaId": "9B5BF1EC-C2A6-486B-8E63-0A7ED431C1F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*", "matchCriteriaId": "17847B21-8BE6-4359-913B-B6592D37C655", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*", "matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*", "matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*", "matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*", "matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*", "matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*", "matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*", "matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*", "matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*", "matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*", "matchCriteriaId": "72491771-4492-4902-9F0C-CE6A60BAA705", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system."}, {"lang": "es", "value": "Dos m\u00e9todos de una clase de utilidad en SAP NetWeaver AS ABAP - versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, permiten a un atacante con altos privilegios y que tenga acceso directo al sistema SAP, inyectar c\u00f3digo cuando es ejecutado con un determinado constructor de clases de transacci\u00f3n. Esto podr\u00eda permitir la ejecuci\u00f3n de comandos arbitrarios en el sistema operativo, que podr\u00edan impactar altamente la Confidencialidad, Integridad y Disponibilidad del sistema"}], "id": "CVE-2021-44235", "lastModified": "2024-11-21T06:30:39.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-14T16:15:09.713", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/3123196"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/3123196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}