CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-33692

SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 56.7%

CVSS Severity

CVSS v3 Score 5.2

CVSS v2 Score 5.0

References

https://launchpad.support.sap.com/#/notes/3058553
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
https://launchpad.support.sap.com/#/notes/3058553
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806

Products affected by CVE-2021-33692

Sap » Cloud Connector » Version: 2.0

cpe:2.3:a:sap:cloud_connector:2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-33692

Products

Pricing

Contact Us