← volver
CVE-2021-21475

CVE-2021-21475

CVSS 6.8 MEDIUMEPSS 1.9%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.8EPSS 1.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 feb 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Productos afectados
SAP SE · SAP NetWeaver Master Data Management Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://launchpad.support.sap.com/#/notes/3000897https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543