CVE-2021-40496: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

SAP Internet Communication framework (ICM) vulnerability (CVE-2021-40496) affects multiple versions including 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, and 785. The vulnerability was disclosed on October 12, 2021, and allows an attacker with logon functionality to exploit the authentication function by manipulating POST and form fields to repeat executions of initial commands through GET requests (AttackerKB).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium severity) with an Impact Score of 1.4 and Exploitability Score of 2.8. The attack vector is Network-based (AV:N) with Low attack complexity (AC:L), requiring Low privileges (PR:L) and No user interaction (UI:N). The scope is Unchanged (S:U) with Low impact on confidentiality (C:L) and No impact on integrity (I:N) or availability (A:N) (AttackerKB).

Successful exploitation of this vulnerability can lead to exposure of sensitive data including system details. The primary impact is on data confidentiality, with no reported effects on system integrity or availability (AttackerKB).

SAP has released security notes and patches for this vulnerability. Users can find detailed mitigation information in SAP Security Note 3087254 (SAP Note).