CVE-2021-21481

EPSS 0.16%
Veröffentlicht 09.03.2021 15:15:14
Zuletzt bearbeitet 21.11.2024 05:48:27
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Netweaver Version7.10

SAP ≫ Netweaver Version7.11

SAP ≫ Netweaver Version7.20

SAP ≫ Netweaver Version7.30

SAP ≫ Netweaver Version7.31

SAP ≫ Netweaver Version7.40

SAP ≫ Netweaver Version7.50

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.369

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C
cna@sap.com	9.6	2.8	6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3022422

Vendor Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-21481

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21481

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21481

EUVD