CVE-2021-44232
Severity Score
7.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.
SAF-T Framework Transaction SAFTN_G permite a un atacante explotar una comprobaciĆ³n insuficiente de la informaciĆ³n de la ruta proporcionada por el usuario normal, conllevando a un acceso completo al directorio del servidor. El atacante puede ver toda la estructura del sistema de archivos pero no puede sobrescribir, borrar o corromper archivos arbitrarios en el servidor
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-11-26 CVE Reserved
- 2021-12-14 CVE Published
- 2024-06-11 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://launchpad.support.sap.com/#/notes/3124094 | 2021-12-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | 103 Search vendor "Sap" for product "Saf-t Framework" and version "103" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | 104 Search vendor "Sap" for product "Saf-t Framework" and version "104" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | 105 Search vendor "Sap" for product "Saf-t Framework" and version "105" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | 602 Search vendor "Sap" for product "Saf-t Framework" and version "602" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | 603 Search vendor "Sap" for product "Saf-t Framework" and version "603" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | 604 Search vendor "Sap" for product "Saf-t Framework" and version "604" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | 605 Search vendor "Sap" for product "Saf-t Framework" and version "605" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | 606 Search vendor "Sap" for product "Saf-t Framework" and version "606" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | 618 Search vendor "Sap" for product "Saf-t Framework" and version "618" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | 720 Search vendor "Sap" for product "Saf-t Framework" and version "720" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | 730 Search vendor "Sap" for product "Saf-t Framework" and version "730" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | s4core_102 Search vendor "Sap" for product "Saf-t Framework" and version "s4core_102" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | sap_appl_600 Search vendor "Sap" for product "Saf-t Framework" and version "sap_appl_600" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Saf-t Framework Search vendor "Sap" for product "Saf-t Framework" | sap_fin_617 Search vendor "Sap" for product "Saf-t Framework" and version "sap_fin_617" | - |
Affected
| ||||||