// For flags

CVE-2021-21475

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.

En circunstancias específicas, SAP Master Data Management, versiones - 710, 710.750, permite a un atacante no autorizado explotar una comprobación insuficiente de la información de ruta proporcionada por los usuarios, por lo que los caracteres que representan "traverse to parent directory" son transferidos a las API de archivo. Debido a esta vulnerabilidad de Salto de Directorio, el atacante podría leer el contenido de archivos arbitrarios en el servidor remoto y exponer datos confidenciales

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-12-30 CVE Reserved
  • 2021-02-09 CVE Published
  • 2023-10-26 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543 2021-02-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sap
Search vendor "Sap"
 Netweaver Master Data Management Server
Search vendor "Sap" for product "Netweaver Master Data Management Server"
 710
Search vendor "Sap" for product "Netweaver Master Data Management Server" and version "710"
-
Affected
Sap
Search vendor "Sap"
 Netweaver Master Data Management Server
Search vendor "Sap" for product "Netweaver Master Data Management Server"
 710.750
Search vendor "Sap" for product "Netweaver Master Data Management Server" and version "710.750"
-
Affected