CVE-2021-44231

high-risk
Published 2021-12-14

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Do I need to act?

-
0.73% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Abap Platform
Abap Platform
Abap Platform
Abap Platform
Abap Platform
Abap Platform
Abap Platform
Abap Platform
Abap Platform
Abap Platform

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/3119365
Vendor Advisory https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
Permissions Required https://launchpad.support.sap.com/#/notes/3119365
Vendor Advisory https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 20/34 · Moderate