CVE-2021-21482 Information

Description

SAP NetWeaver Master Data Management, versions 710 and 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute-force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges, leading to an information disclosure vulnerability and thereby affecting the confidentiality and integrity of the application. This happens when security guidelines and recommendations concerning administrative accounts of an SAP NetWeaver Master Data Management installation have not been thoroughly reviewed.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
https://launchpad.support.sap.com/#/notes/3017908

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

Base Score

8.3

Base Severity

HIGH
