CVE-2021-33692

Summary

SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Cloud Connector< 2.0affected

Weaknesses

  • Code Injection via Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References