Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-44232

SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.

Published

2021-12-14T16:15:09.623

Last Modified

2024-11-21T06:30:38.860

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-22
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap saf-t_framework 103 Yes
Application sap saf-t_framework 104 Yes
Application sap saf-t_framework 105 Yes
Application sap saf-t_framework 602 Yes
Application sap saf-t_framework 603 Yes
Application sap saf-t_framework 604 Yes
Application sap saf-t_framework 605 Yes
Application sap saf-t_framework 606 Yes
Application sap saf-t_framework 618 Yes
Application sap saf-t_framework 720 Yes
Application sap saf-t_framework 730 Yes
Application sap saf-t_framework s4core_102 Yes
Application sap saf-t_framework sap_appl_600 Yes
Application sap saf-t_framework sap_fin_617 Yes
References