CVE-2021-44232

Summary

SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.

Affected Software

VendorProductVersion RangeStatus
SAP SESAF-T Framework< SAP_FIN 617affected
SAP SESAF-T Framework< 618affected
SAP SESAF-T Framework< 720affected
SAP SESAF-T Framework< 730affected
SAP SESAF-T Framework< SAP_APPL 600affected
SAP SESAF-T Framework< 602affected
SAP SESAF-T Framework< 603affected
SAP SESAF-T Framework< 604affected
SAP SESAF-T Framework< 605affected
SAP SESAF-T Framework< 606affected
SAP SESAF-T Framework< S4CORE 102affected
SAP SESAF-T Framework< 103affected
SAP SESAF-T Framework< 104affected
SAP SESAF-T Framework< 105affected

Weaknesses

  • Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References