The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.
References
| Link | Resource |
|---|---|
| https://launchpad.support.sap.com/#/notes/3022422 | Permissions Required Vendor Advisory |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Mar 2021, 17:34
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:7.11:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : 8.3
v3 : 8.8 |
| CWE | CWE-863 | |
| References | (MISC) https://launchpad.support.sap.com/#/notes/3022422 - Permissions Required, Vendor Advisory | |
| References | (MISC) https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 - Vendor Advisory |
09 Mar 2021, 15:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-03-09 15:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-21481
Mitre link : CVE-2021-21481
CVE.ORG link : CVE-2021-21481
JSON object : View
Products Affected
sap
- netweaver
CWE
CWE-863
Incorrect Authorization