PT-2021-22905 · Sap · Sap Cloud Print Manager+2

Published: 2021-10-12 · Updated: 2021-10-18 · CVE-2021-40499

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP versions 7.70, 7.70 PI, 7.70 BYD

Description: The client-side printing services SAP Cloud Print Manager and SAPSprint allow an attacker to inject code that can be executed by the application, potentially controlling the behavior of the application.

Recommendations: For versions 7.70, 7.70 PI, 7.70 BYD, update to a version that includes a fix for this issue to prevent code injection attacks. As a temporary workaround, consider restricting access to the client-side printing services to minimize the risk of exploitation.

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2021-40499

Affected Products

Sap Cloud Print Manager
Sap Netweaver Application Server Abap
Sapsprint