← back
CVE-2021-33668

CVE-2021-33668

CVSS 5.3 MEDIUMEPSS 1.1%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
09 Jun 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
SAP SE · SAP InfraBox

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc