CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-21475

Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.6%

CVSS Severity

CVSS v3 Score 6.8

CVSS v2 Score 5.0

References

https://launchpad.support.sap.com/#/notes/3000897
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543
https://launchpad.support.sap.com/#/notes/3000897
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

Products affected by CVE-2021-21475

Sap » Netweaver Master Data Management Server » Version: 710

cpe:2.3:a:sap:netweaver_master_data_management_server:710
Sap » Netweaver Master Data Management Server » Version: 710.750

cpe:2.3:a:sap:netweaver_master_data_management_server:710.750

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21475

Products

Pricing

Contact Us