Strix
26.1K

CVE-2021-38178

HIGHCVSS 8.8/10EPSS 1.25%

Last modified

CVE-2021-38178 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.. EPSS estimates a 1.25% chance of exploitation in the next 30 days.

Description

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.25%

65.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
SapNetweaver Abap700
SapNetweaver Abap701
SapNetweaver Abap702
SapNetweaver Abap710
SapNetweaver Abap730
SapNetweaver Abap731
SapNetweaver Abap740
SapNetweaver Abap750
SapNetweaver Abap751
SapNetweaver Abap752
SapNetweaver Abap753
SapNetweaver Abap754
SapNetweaver Abap755
SapNetweaver Abap756
SapNetweaver Application Server Abap700
SapNetweaver Application Server Abap701
SapNetweaver Application Server Abap702
SapNetweaver Application Server Abap710
SapNetweaver Application Server Abap730
SapNetweaver Application Server Abap731
SapNetweaver Application Server Abap740
SapNetweaver Application Server Abap750
SapNetweaver Application Server Abap751
SapNetweaver Application Server Abap752
SapNetweaver Application Server Abap753
SapNetweaver Application Server Abap754
SapNetweaver Application Server Abap755
SapNetweaver Application Server Abap756

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-38178?
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.
How severe is CVE-2021-38178?
CVE-2021-38178 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.25% probability of exploitation in the next 30 days.
How do I fix CVE-2021-38178?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-38178?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST