CVE-2021-21475 Information

Description

Under specific circumstances, SAP Master Data Management, versions 710 and 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, so that characters representing 'traverse to parent directory' are passed through to the file APIs. Through this directory traversal vulnerability, the attacker could read the content of arbitrary files on the remote server and expose sensitive data.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543
https://launchpad.support.sap.com/#/notes/3000897

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
