Code Injection Vulnerability in SAP Business Warehouse and BW/4HANA
CVE-2021-21466
9.9CRITICAL
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 12 January 2021
What is CVE-2021-21466?
SAP Business Warehouse and BW/4HANA are susceptible to a security vulnerability that enables an attacker with low privileges to inject malicious code using a remote enabled function module. This weakness allows attackers to craft and execute harmful ABAP reports, which can potentially lead to unauthorized access to sensitive information, the execution of damaging UPDATE statements, and disruption of the SAP system's functionality, causing service outages.
Affected Version(s)
SAP Business Warehouse < 700 < 700
SAP Business Warehouse < 701 < 701
SAP Business Warehouse < 702 < 702