Vahagn Vardanian

Co-founder and CTO of RedRays

CVE-2021-21465 Multiple vulnerabilities in SAP Business Warehouse (Database Interface), SAP security note 2986980

Description

UPDATE 9th February 2021: This note has been re-released with updated ‘validity’ and ‘Support Packages & Patches’ information. The note was extended to BW releases from BW 7.0x.

UPDATE 26th January 2021: This note has been re-released with updated ‘validity’ and ‘Support Packages & Patches’ information. We extended the validity for all covered codelines to the lowest possible SP level.

This SAP Security Note addresses vulnerabilities identified in the SAP Business Warehouse Database Interface. The vulnerability details, along with the relevant CVE information, can be found below.

SQL Injection

The BW Database Interface allows an attacker with low privileges to execute arbitrary crafted database queries, exposing the backend database. Because untrusted data is not properly sanitized, an attacker can include their own SQL commands, which the database then executes. This SQL injection vulnerability can lead to full compromise of the affected SAP system.

  • CVE-2021-21465
  • CVSS Score: 9.9; CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Missing Authorization check

The BW Database Interface does not perform the necessary authorization checks for an authenticated user, resulting in an escalation of privileges that allows the user to read out practically any database table.

  • CVE-2021-21468
  • CVSS Score: 6.5; CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Available fix and Supported packages

Validity (software component | from release | to release):

  • SAP_BW | 700 | 702
  • SAP_BW | 710 | 711
  • SAP_BW | 730 | 730
  • SAP_BW | 731 | 731
  • SAP_BW | 740 | 740
  • SAP_BW | 750 | 755
  • SAP_BW | 782 | 782
  • SAP_BW_VIRTUAL_COMP | 701 | 701

Support Packages & Patches (software component version | support package):

  • SAP_BW 755 | SAPK-75501INSAPBW
  • SAP_BW 750 | SAPK-75020INSAPBW
  • SAP_BW 751 | SAPK-75112INSAPBW
  • SAP_BW 752 | SAPK-75208INSAPBW
  • SAP_BW 753 | SAPK-75306INSAPBW
  • SAP_BW 754 | SAPK-75404INSAPBW
  • SAP_BW 700 | SAPKW70041
  • SAP_BW 701 | SAPKW70124
  • SAP_BW 702 | SAPKW70224
  • SAP_BW 731 | SAPKW73129
  • SAP_BW 740 | SAPKW74026
  • SAP_BW 782 | SAPK-78203INSAPBW
  • SAP_BW_VIRTUAL_COMP 701 | SAPK-70169INVCBWTECH
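
To triage a landscape against the support packages listed above, the following added example (not part of SAP's note or RedRays tooling) compares an installed component's SP level with the first package that ships the fix. It assumes the package names encode the release as three digits followed by the SP level as two digits; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fix packages copied from the list above: "<component> <release> <package>".
FIXED_PACKAGES = """
SAP_BW 755 SAPK-75501INSAPBW
SAP_BW 750 SAPK-75020INSAPBW
SAP_BW 751 SAPK-75112INSAPBW
SAP_BW 752 SAPK-75208INSAPBW
SAP_BW 753 SAPK-75306INSAPBW
SAP_BW 754 SAPK-75404INSAPBW
SAP_BW 700 SAPKW70041
SAP_BW 701 SAPKW70124
SAP_BW 702 SAPKW70224
SAP_BW 731 SAPKW73129
SAP_BW 740 SAPKW74026
SAP_BW 782 SAPK-78203INSAPBW
SAP_BW_VIRTUAL_COMP 701 SAPK-70169INVCBWTECH
"""

# Assumption: both naming schemes carry release (3 digits) then SP level (2 digits).
PKG_RE = re.compile(r"^SAPK(?:W|-)(\d{3})(\d{2})(?:IN\w+)?$")

def parse_package(name):
    """Return (release, sp_level) encoded in a support package name."""
    m = PKG_RE.match(name.strip().upper())
    if not m:
        raise ValueError(f"unrecognised support package name: {name!r}")
    return m.group(1), int(m.group(2))

def build_fix_levels(text=FIXED_PACKAGES):
    """Map (component, release) -> first SP level that ships the fix."""
    levels = {}
    for comp, release, pkg in (ln.split() for ln in text.split("\n") if ln.strip()):
        pkg_release, sp = parse_package(pkg)
        if pkg_release != release:  # guard against a mistyped row
            raise ValueError(f"{pkg} does not belong to release {release}")
        levels[(comp, release)] = sp
    return levels

def assess(component, release, sp_level, levels=None):
    """Classify one installed component against the fix levels."""
    fix = (levels or build_fix_levels()).get((component, str(release)))
    if fix is None:
        return "no-sp-listed"  # e.g. 710, 711, 730: in validity, no package listed
    return "sp-contains-fix" if int(sp_level) >= fix else "below-fix-sp"

# Constructed inventory rows (component, release, installed SP level).
SAMPLE = [("SAP_BW", "750", 18), ("SAP_BW", "740", 26), ("SAP_BW", "730", 12)]

if __name__ == "__main__":
    for comp, rel, sp in SAMPLE:
        print(comp, rel, sp, assess(comp, rel, sp))
```

A `below-fix-sp` or `no-sp-listed` result only says the support package level does not show the fix; whether note 2986980 was applied to that system by other means has to be checked separately.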

Affected component

    BW-WHM-DST-DBC
    DB Connect

CVSS

Score: 9.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2986980

TAGS

#Injection-attack
#blind-SQL-injection
#database-vulnerabilities-Access-control
#Authorization-error
#Authorization-profile
