PT-2021-6087 · SAP · SAP NetWeaver AS ABAP +1

Published 2021-10-12 · Updated 2022-10-06 · CVE-2021-38178

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

SAP NetWeaver AS ABAP and ABAP Platform versions 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756

Description

The software logistics system enables a malicious user to transfer ABAP code artifacts or content, bypassing the established quality gates. This can allow malicious code to reach quality and production, compromising the confidentiality, integrity, and availability of the system and its data. The issue is related to incorrect authorization, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations

For SAP NetWeaver AS ABAP and ABAP Platform versions 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, consider implementing additional authorization checks to prevent bypassing of quality gates. As a temporary workaround, consider restricting access to the software logistics system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2022-00741
CVE-2021-38178

Affected Products

ABAP Platform
SAP NetWeaver AS ABAP