cvelistv5 - CVE-2021-21481

CVE-2021-21481 (GCVE-0-2021-21481)

Vulnerability from cvelistv5 – Published: 2021-03-09 14:05 – Updated: 2024-08-03 18:16

Summary

Severity ?

9.6 (Critical)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

Missing Authorization

Assigner

sap

References

URL

Tags

	https://launchpad.support.sap.com/#/notes/3022422	x_refsource_MISC
	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	SAP SE	SAP NetWeaver AS JAVA (MigrationService)	Affected: < 7.10 Affected: < 7.11 Affected: < 7.30 Affected: < 7.31 Affected: < 7.40 Affected: < 7.50

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:16:22.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/3022422"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP NetWeaver AS JAVA (MigrationService)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.10"
            },
            {
              "status": "affected",
              "version": "\u003c 7.11"
            },
            {
              "status": "affected",
              "version": "\u003c 7.30"
            },
            {
              "status": "affected",
              "version": "\u003c 7.31"
            },
            {
              "status": "affected",
              "version": "\u003c 7.40"
            },
            {
              "status": "affected",
              "version": "\u003c 7.50"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Missing Authorization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-09T14:05:51",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/3022422"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2021-21481",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP NetWeaver AS JAVA (MigrationService)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "7.10"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.11"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.30"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.31"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.40"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "7.50"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "9.6",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/3022422",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/3022422"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2021-21481",
    "datePublished": "2021-03-09T14:05:51",
    "dateReserved": "2020-12-30T00:00:00",
    "dateUpdated": "2024-08-03T18:16:22.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDFFDB95-B956-4B22-81F4-A4074D49D4A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21A3F6A8-B060-48CE-841F-698F8F779191\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53B11A3B-C559-428C-8946-7FD9FFBFA1BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"606EFE4F-57A4-44E2-A98D-F0867A658218\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FECD5E96-7669-4747-80D2-27F95BF420BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F019F7F5-7740-4BD4-850F-D7A1923C6200\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.\"}, {\"lang\": \"es\", \"value\": \"MigrationService, que forma parte de SAP NetWeaver versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no lleva a cabo una comprobaci\\u00f3n de autorizaci\\u00f3n.\u0026#xa0;Esto podr\\u00eda permitir a un atacante no autorizado acceder a los objetos de configuraci\\u00f3n, incluyendo los que otorgan privilegios administrativos.\u0026#xa0;Esto podr\\u00eda resultar en un compromiso total de la confidencialidad, integridad y disponibilidad del sistema\"}]",
      "id": "CVE-2021-21481",
      "lastModified": "2024-11-21T05:48:27.593",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"cna@sap.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.6, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 8.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 6.5, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-03-09T15:15:14.787",
      "references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/3022422\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/3022422\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-21481\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2021-03-09T15:15:14.787\",\"lastModified\":\"2024-11-21T05:48:27.593\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.\"},{\"lang\":\"es\",\"value\":\"MigrationService, que forma parte de SAP NetWeaver versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no lleva a cabo una comprobaci\u00f3n de autorizaci\u00f3n.\u0026#xa0;Esto podr\u00eda permitir a un atacante no autorizado acceder a los objetos de configuraci\u00f3n, incluyendo los que otorgan privilegios administrativos.\u0026#xa0;Esto podr\u00eda resultar en un compromiso total de la confidencialidad, integridad y disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDFFDB95-B956-4B22-81F4-A4074D49D4A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21A3F6A8-B060-48CE-841F-698F8F779191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53B11A3B-C559-428C-8946-7FD9FFBFA1BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"606EFE4F-57A4-44E2-A98D-F0867A658218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FECD5E96-7669-4747-80D2-27F95BF420BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F019F7F5-7740-4BD4-850F-D7A1923C6200\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/3022422\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3022422\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-174

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits SAP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP NetWeaver Knowledge Management versions 7.01, 7.02, 7.30,7.31, 7.40, 7.50 sans le dernier correctif
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (MigrationService) versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 sans le dernier correctif
SAP	N/A	SAP HANA version 2.0 sans le dernier correctif
SAP	N/A	SAP Manufacturing Integration and Intelligence versions 15.1, 15.2, 15.3, 15.4 sans le dernier correctif
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9 sans le dernier correctif
SAP	N/A	SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 731, 7.40, 7.50 sans le dernier correctif
SAP	N/A	SAP Enterprise Financial Services (Bank Customer Accounts) versions 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800 sans le dernier correctif
SAP	N/A	SAP Payment Engine version 500 sans le dernier correctif

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 9 mars 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP NetWeaver Knowledge Management versions 7.01, 7.02, 7.30,7.31, 7.40, 7.50 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (MigrationService) versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 sans le dernier correctif",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP HANA version 2.0 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Manufacturing Integration and Intelligence versions 15.1, 15.2, 15.3, 15.4 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP 3D Visual Enterprise Viewer version 9 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 731, 7.40, 7.50 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Enterprise Financial Services (Bank Customer Accounts) versions 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Payment Engine version 500 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-27587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27587"
    },
    {
      "name": "CVE-2021-21487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21487"
    },
    {
      "name": "CVE-2021-27584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27584"
    },
    {
      "name": "CVE-2021-27591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27591"
    },
    {
      "name": "CVE-2021-27589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27589"
    },
    {
      "name": "CVE-2021-21481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21481"
    },
    {
      "name": "CVE-2021-21484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21484"
    },
    {
      "name": "CVE-2021-21480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21480"
    },
    {
      "name": "CVE-2021-27586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27586"
    },
    {
      "name": "CVE-2021-27590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27590"
    },
    {
      "name": "CVE-2021-27588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27588"
    },
    {
      "name": "CVE-2021-21488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21488"
    },
    {
      "name": "CVE-2021-21493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21493"
    },
    {
      "name": "CVE-2021-21486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21486"
    },
    {
      "name": "CVE-2021-21491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21491"
    },
    {
      "name": "CVE-2021-27592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27592"
    },
    {
      "name": "CVE-2021-27585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27585"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-174",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 9 mars 2021",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
    }
  ]
}

CERTFR-2021-AVI-174

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP NetWeaver Knowledge Management versions 7.01, 7.02, 7.30,7.31, 7.40, 7.50 sans le dernier correctif
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (MigrationService) versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 sans le dernier correctif
SAP	N/A	SAP HANA version 2.0 sans le dernier correctif
SAP	N/A	SAP Manufacturing Integration and Intelligence versions 15.1, 15.2, 15.3, 15.4 sans le dernier correctif
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9 sans le dernier correctif
SAP	N/A	SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 731, 7.40, 7.50 sans le dernier correctif
SAP	N/A	SAP Enterprise Financial Services (Bank Customer Accounts) versions 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800 sans le dernier correctif
SAP	N/A	SAP Payment Engine version 500 sans le dernier correctif

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 9 mars 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP NetWeaver Knowledge Management versions 7.01, 7.02, 7.30,7.31, 7.40, 7.50 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (MigrationService) versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 sans le dernier correctif",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP HANA version 2.0 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Manufacturing Integration and Intelligence versions 15.1, 15.2, 15.3, 15.4 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP 3D Visual Enterprise Viewer version 9 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver Application Server Java (Applications based on Web Dynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 731, 7.40, 7.50 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Enterprise Financial Services (Bank Customer Accounts) versions 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Payment Engine version 500 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-27587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27587"
    },
    {
      "name": "CVE-2021-21487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21487"
    },
    {
      "name": "CVE-2021-27584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27584"
    },
    {
      "name": "CVE-2021-27591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27591"
    },
    {
      "name": "CVE-2021-27589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27589"
    },
    {
      "name": "CVE-2021-21481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21481"
    },
    {
      "name": "CVE-2021-21484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21484"
    },
    {
      "name": "CVE-2021-21480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21480"
    },
    {
      "name": "CVE-2021-27586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27586"
    },
    {
      "name": "CVE-2021-27590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27590"
    },
    {
      "name": "CVE-2021-27588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27588"
    },
    {
      "name": "CVE-2021-21488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21488"
    },
    {
      "name": "CVE-2021-21493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21493"
    },
    {
      "name": "CVE-2021-21486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21486"
    },
    {
      "name": "CVE-2021-21491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21491"
    },
    {
      "name": "CVE-2021-27592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27592"
    },
    {
      "name": "CVE-2021-27585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27585"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-174",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 9 mars 2021",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
    }
  ]
}

FKIE_CVE-2021-21481

Vulnerability from fkie_nvd - Published: 2021-03-09 15:15 - Updated: 2024-11-21 05:48

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cna@sap.com	https://launchpad.support.sap.com/#/notes/3022422	Permissions Required, Vendor Advisory
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/3022422	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	netweaver	7.10
sap	netweaver	7.11
sap	netweaver	7.20
sap	netweaver	7.30
sap	netweaver	7.31
sap	netweaver	7.40
sap	netweaver	7.50

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFFDB95-B956-4B22-81F4-A4074D49D4A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A3F6A8-B060-48CE-841F-698F8F779191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "53B11A3B-C559-428C-8946-7FD9FFBFA1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "606EFE4F-57A4-44E2-A98D-F0867A658218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECD5E96-7669-4747-80D2-27F95BF420BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "F019F7F5-7740-4BD4-850F-D7A1923C6200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability."
    },
    {
      "lang": "es",
      "value": "MigrationService, que forma parte de SAP NetWeaver versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no lleva a cabo una comprobaci\u00f3n de autorizaci\u00f3n.\u0026#xa0;Esto podr\u00eda permitir a un atacante no autorizado acceder a los objetos de configuraci\u00f3n, incluyendo los que otorgan privilegios administrativos.\u0026#xa0;Esto podr\u00eda resultar en un compromiso total de la confidencialidad, integridad y disponibilidad del sistema"
    }
  ],
  "id": "CVE-2021-21481",
  "lastModified": "2024-11-21T05:48:27.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "cna@sap.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-09T15:15:14.787",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3022422"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/3022422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CWX3-9577-FCX4

Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-21481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-09T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.",
  "id": "GHSA-cwx3-9577-fcx4",
  "modified": "2022-05-24T17:43:59Z",
  "published": "2022-05-24T17:43:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21481"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3022422"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2021-21481

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-21481

Aliases

CVE-2021-21481

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-21481",
    "description": "The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.",
    "id": "GSD-2021-21481"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-21481"
      ],
      "details": "The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.",
      "id": "GSD-2021-21481",
      "modified": "2023-12-13T01:23:10.611123Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2021-21481",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP NetWeaver AS JAVA (MigrationService)",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "7.10"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.11"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.30"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.31"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.40"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "7.50"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "9.6",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Missing Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://launchpad.support.sap.com/#/notes/3022422",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/3022422"
          },
          {
            "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107",
            "refsource": "MISC",
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2021-21481"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/3022422",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3022422"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-03-16T17:34Z",
      "publishedDate": "2021-03-09T15:15Z"
    }
  }
}

CNVD-2021-18020

Vulnerability from cnvd - Published: 2021-03-16

Title

SAP NetWeaver未授权访问漏洞

Description

SAP Netweaver是德国思爱普（SAP）公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。 SAP NetWeaver 7.10、7.11、7.20、7.30、7.31、7.40、7.50版本存在安全漏洞，该漏洞允许未经授权的攻击者访问配置对象，包括授予管理权限的对象。

Severity

高

Patch Name

SAP NetWeaver未授权访问漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新：https://launchpad.support.sap.com/#/notes/3022422

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107

Impacted products

Name
['SAP SAP Netweaver 7.30', 'SAP SAP Netweaver 7.31', 'SAP SAP Netweaver 7.40', 'SAP SAP Netweaver 7.50', 'SAP SAP Netweaver 7.20', 'SAP SAP Netweaver 7.10', 'SAP SAP Netweaver 7.11']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21481",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-21481"
    }
  },
  "description": "SAP Netweaver\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u670d\u52a1\u7684\u96c6\u6210\u5316\u5e94\u7528\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u4e3aSAP\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5f00\u53d1\u548c\u8fd0\u884c\u73af\u5883\u3002\n\nSAP NetWeaver 7.10\u30017.11\u30017.20\u30017.30\u30017.31\u30017.40\u30017.50\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u672a\u7ecf\u6388\u6743\u7684\u653b\u51fb\u8005\u8bbf\u95ee\u914d\u7f6e\u5bf9\u8c61\uff0c\u5305\u62ec\u6388\u4e88\u7ba1\u7406\u6743\u9650\u7684\u5bf9\u8c61\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://launchpad.support.sap.com/#/notes/3022422",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-18020",
  "openTime": "2021-03-16",
  "patchDescription": "SAP Netweaver\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u670d\u52a1\u7684\u96c6\u6210\u5316\u5e94\u7528\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u4e3aSAP\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5f00\u53d1\u548c\u8fd0\u884c\u73af\u5883\u3002\r\n\r\nSAP NetWeaver 7.10\u30017.11\u30017.20\u30017.30\u30017.31\u30017.40\u30017.50\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u672a\u7ecf\u6388\u6743\u7684\u653b\u51fb\u8005\u8bbf\u95ee\u914d\u7f6e\u5bf9\u8c61\uff0c\u5305\u62ec\u6388\u4e88\u7ba1\u7406\u6743\u9650\u7684\u5bf9\u8c61\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP NetWeaver\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP SAP Netweaver 7.30",
      "SAP SAP Netweaver 7.31",
      "SAP SAP Netweaver 7.40",
      "SAP SAP Netweaver 7.50",
      "SAP SAP Netweaver 7.20",
      "SAP SAP Netweaver 7.10",
      "SAP SAP Netweaver 7.11"
    ]
  },
  "referenceLink": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107",
  "serverity": "\u9ad8",
  "submitTime": "2021-03-10",
  "title": "SAP NetWeaver\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

VAR-202103-0644

Vulnerability from variot - Updated: 2023-12-18 14:00

The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability. SAP NetWeaver Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0644",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.30"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.31"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.50"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.10"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.11"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.20"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sap",
        "version": "7.40"
      },
      {
        "model": "netweaver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21481"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21481"
      }
    ]
  },
  "cve": "CVE-2021-21481",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 8.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2021-21481",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "cna@sap.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-21481",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-21481",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "cna@sap.com",
            "id": "CVE-2021-21481",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202103-668",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-21481",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-21481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21481"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21481"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-668"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability. SAP NetWeaver Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21481"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21481",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004419",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-668",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21481",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-21481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21481"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-668"
      }
    ]
  },
  "id": "VAR-202103-0644",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.27111164
  },
  "last_update_date": "2023-12-18T14:00:12.465000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAP\u00a0Security\u00a0Patch\u00a0Day\u00a0-\u00a0March\u00a02021",
        "trust": 0.8,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=571343107"
      },
      {
        "title": "SAP Netweaver Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=144380"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/sap-critical-rce-flaw-manufacturing/164666/"
      },
      {
        "title": null,
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/04/13/patch_tuesday_april/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-21481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-668"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-863",
        "trust": 1.0
      },
      {
        "problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21481"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://launchpad.support.sap.com/#/notes/3022422"
      },
      {
        "trust": 1.7,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=571343107"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21481"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-march-2021-34786"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-april-2021-35059"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/863.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/sap-critical-rce-flaw-manufacturing/164666/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-21481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21481"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-668"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-21481"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21481"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-668"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21481"
      },
      {
        "date": "2021-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-004419"
      },
      {
        "date": "2021-03-09T15:15:14.787000",
        "db": "NVD",
        "id": "CVE-2021-21481"
      },
      {
        "date": "2021-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202103-668"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21481"
      },
      {
        "date": "2021-11-22T02:06:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-004419"
      },
      {
        "date": "2021-03-16T17:34:45.720000",
        "db": "NVD",
        "id": "CVE-2021-21481"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202103-668"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-668"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP\u00a0NetWeaver\u00a0 Authentication Vulnerability in Microsoft",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-004419"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202103-668"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-21481 (GCVE-0-2021-21481)

CERTFR-2021-AVI-174

Solution

CERTFR-2021-AVI-174

Solution

FKIE_CVE-2021-21481

GHSA-CWX3-9577-FCX4

GSD-2021-21481

CNVD-2021-18020

VAR-202103-0644

Tags

Sightings

Nomenclature