CVE-2024-21737

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-94
View all →

Vulnerability Description

In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.

Related Vulnerabilities

CVE-2017-2968

CRITICAL
CVSS:9.1(Critical)

Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability.

CWE-942017

CVE-2019-0330

CRITICAL
CVSS:9.1(Critical)

The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application...

CWE-942019

CVE-2019-18582

CRITICAL
CVSS:9.1(Critical)

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A ...

CWE-942019

CVE-2019-6816

CRITICAL
CVSS:9.1(Critical)

In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.

CWE-942019

CVE-2020-12013

CRITICAL
CVSS:9.1(Critical)

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and ...

CWE-942020

CVE-2020-6318

CRITICAL
CVSS:9.1(Critical)

A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code ...

CWE-942020