CVE-2021-21475
6.8
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver Master Data Management Server | < 710 | affected |
| SAP SE | SAP NetWeaver Master Data Management Server | < 710.750 | affected |
Weaknesses
- Directory Traversal
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/3000897
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543
References
- https://launchpad.support.sap.com/#/notes/3000897
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.