Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-21481

The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.

Published

2021-03-09T15:15:14.787

Last Modified

2024-11-21T05:48:27.593

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

6.5

Impact Score

10.0

Weaknesses

Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	netweaver	7.10	Yes
Application	sap	netweaver	7.11	Yes
Application	sap	netweaver	7.20	Yes
Application	sap	netweaver	7.30	Yes
Application	sap	netweaver	7.31	Yes
Application	sap	netweaver	7.40	Yes
Application	sap	netweaver	7.50	Yes

References

https://launchpad.support.sap.com/#/notes/3022422 Permissions Required, Vendor Advisory ([email protected])
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/3022422 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)