Code Injection Vulnerability in SAP NetWeaver AS ABAP Reconciliation Framework

Code Injection Vulnerability in SAP NetWeaver AS ABAP Reconciliation Framework

CVE-2021-33678 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.

Learn more about our Web Application Penetration Testing UK.