CVE-2021-27610 Information
Jun 07, 2022
cve
Description
SAP NetWeaver ABAP Server and ABAP Platform versions - 700 701 702 731 740 750 751 752 753 754 755 804 does not create information about internal and external RFC user in consistent and distinguished format which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://launchpad.support.sap.com/#/notes/3007182 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: