Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-21481

Опубликовано: 09 мар. 2021
Источник: nvd
CVSS3: 9.6
CVSS3: 8.8
CVSS2: 8.3
EPSS Низкий

Описание

The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.11:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*

EPSS

Процентиль: 37%
0.00156
Низкий

9.6 Critical

CVSS3

8.8 High

CVSS3

8.3 High

CVSS2

Дефекты

CWE-863

Связанные уязвимости

github логотип

GHSA-cwx3-9577-fcx4

github
больше 3 лет назад

The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.

EPSS

Процентиль: 37%
0.00156
Низкий

9.6 Critical

CVSS3

8.8 High

CVSS3

8.3 High

CVSS2

Дефекты

CWE-863