QSearchQSearch

CVE-2021-38178

8.8 HIGH

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753...

Published: 2021-10-12 · Last updated: 2026-06-17

Severity and scoring

CVSS
8.8 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

VendorProduct
sapnetweaver_abap, netweaver_application_server_abap

Description

The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-27680 Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascad... (3.1 LOW)
  • CVE-2026-40135 An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authentica... (6.5 MEDIUM)
  • CVE-2026-27682 Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Serv... (4.7 MEDIUM)
  • CVE-2026-34257 Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL tha... (6.1 MEDIUM)
  • CVE-2026-27674 Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could suppl... (6.1 MEDIUM)