CVE-2021-21465
Published: 12 January 2021
Summary
CVE-2021-21465 is a critical-severity SQL Injection (CWE-89) vulnerability in Sap Business Warehouse. Its CVSS base score is 9.9 (Critical).
Operationally, ranked in the top 18.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-8739
Vulnerability details
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading…
more
to SQL injection vulnerability which can fully compromise the affected SAP system.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.