// For flags

CVE-2021-33671

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data.

SAP NetWeaver Guided Procedures (Administration Workset), versiones - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, no lleva a cabo las comprobaciones de autorización necesarias para un usuario autenticado, resultando en una escalada de privilegios. El impacto de la falta de autorización podría resultar en el abuso de la funcionalidad restringida a un grupo de usuarios en particular, y podría permitir a usuarios no autorizados a leer, modificar o eliminar los datos restringidos

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-05-28 CVE Reserved
  • 2021-07-14 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-862: Missing Authorization
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 2021-07-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sap
Search vendor "Sap"
 Netweaver Guided Procedures
Search vendor "Sap" for product "Netweaver Guided Procedures"
 7.10
Search vendor "Sap" for product "Netweaver Guided Procedures" and version "7.10"
-
Affected
Sap
Search vendor "Sap"
 Netweaver Guided Procedures
Search vendor "Sap" for product "Netweaver Guided Procedures"
 7.20
Search vendor "Sap" for product "Netweaver Guided Procedures" and version "7.20"
-
Affected
Sap
Search vendor "Sap"
 Netweaver Guided Procedures
Search vendor "Sap" for product "Netweaver Guided Procedures"
 7.30
Search vendor "Sap" for product "Netweaver Guided Procedures" and version "7.30"
-
Affected
Sap
Search vendor "Sap"
 Netweaver Guided Procedures
Search vendor "Sap" for product "Netweaver Guided Procedures"
 7.31
Search vendor "Sap" for product "Netweaver Guided Procedures" and version "7.31"
-
Affected
Sap
Search vendor "Sap"
 Netweaver Guided Procedures
Search vendor "Sap" for product "Netweaver Guided Procedures"
 7.40
Search vendor "Sap" for product "Netweaver Guided Procedures" and version "7.40"
-
Affected
Sap
Search vendor "Sap"
 Netweaver Guided Procedures
Search vendor "Sap" for product "Netweaver Guided Procedures"
 7.50
Search vendor "Sap" for product "Netweaver Guided Procedures" and version "7.50"
-
Affected