CVE-2021-44235: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

CVE-2021-44235 is a vulnerability affecting SAP NetWeaver AS ABAP across multiple versions (700-756). The vulnerability was disclosed on December 14, 2021, and affects the utility class methods in SAP NetWeaver AS ABAP. This security issue requires high privileges and direct access to the SAP System to be exploited (NVD).

The vulnerability allows code injection when executing with a certain transaction class builder. It has been assigned a CVSS v3.1 Base Score of 6.7 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The attack vector is Local (AV:L), with Low attack complexity (AC:L), requiring High privileges (PR:H), and No user interaction (UI:N) (NVD).

The successful exploitation of this vulnerability could allow execution of arbitrary commands on the operating system, significantly impacting the Confidentiality, Integrity, and Availability of the system. The vulnerability has been classified with High impact ratings for all three security properties (NVD).

SAP has released security patches to address this vulnerability as part of their December 2021 Security Patch Day. Organizations are advised to apply the relevant security updates (SAP Security Patch).