CVE-2021-21481Incorrect Authorization in SE SAP Netweaver AS Java

CWE-863Incorrect Authorization3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 63.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver AS JavaSAP Netweaver
Timeline
PublishedMar 9
Latest updateMay 24

Description

The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5sap_se/sap_netweaver_as_java< 7.10+5
NVDsap/netweaver7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-cwx3-9577-fcx4: The MigrationService, which is part of SAP NetWeaver versions 72022-05-24
CVEList
CVE-2021-21481: The MigrationService, which is part of SAP NetWeaver versions 72021-03-09
CVE-2021-21481 — Incorrect Authorization | cvebase