Vulnerability-Lookup

CVE-2021-21469 (GCVE-0-2021-21469)

Vulnerability from cvelistv5 – Published: 2021-01-12 14:44 – Updated: 2024-08-03 18:16

Summary

When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

Information Disclosure

Assigner

sap

References

URL

	Vendor	Product	Version
	SAP SE	SAP NetWeaver Master Data Management	Affected: < 7.10 Affected: < 710 Affected: < 710.750

GSD-2021-21469

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-21469

Aliases

CVE-2021-21469

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-21469",
    "description": "When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.",
    "id": "GSD-2021-21469"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-21469"
      ],
      "details": "When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.",
      "id": "GSD-2021-21469",
      "modified": "2023-12-13T01:23:10.768976Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2021-21469",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP NetWeaver Master Data Management",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "7.10"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "710"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "710.750"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "5.3",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476",
            "refsource": "MISC",
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/2993032",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/2993032"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_master_data_management:7.10.750:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_master_data_management:710:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_master_data_management:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2021-21469"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2993032",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2993032"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-10T18:13Z",
      "publishedDate": "2021-01-12T15:15Z"
    }
  }
}

CERTFR-2021-AVI-017

Vulnerability from certfr_avis - Published: 2021-01-12 - Updated: 2021-01-12

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP Business Client versions antérieures à 6.5
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence platform (Web Intelligence HTML interface) versions antérieures à 410 et 420
SAP	Business Warehouse	SAP Business Warehouse versions antérieures à 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 782
SAP	N/A	SAP NetWeaver Master Data Management versions antérieures à 7.10, 7.10.750 et 710
SAP	N/A	SAP NetWeaver AS ABAP versions antérieures à 740, 750, 751, 752, 753, 754 et 755
SAP	N/A	SAP BW4HANA versions antérieures à 100 et 200
SAP	N/A	SAP 3D Visual Enterprise Viewer versions antérieures à 9.0
SAP	Commerce Cloud	SAP Commerce Cloud versions antérieures à 1808, 1811, 1905, 2005 et 2011
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA versions antérieures à 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP EPM ADD-IN versions antérieures à 2.8 et 1010
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (Key Storage Service) versions antérieures à 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40 et 7.50
SAP	N/A	Automated Note Search Tool (SAP Basis) versions antérieures à 7.0, 7.01,7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 et 7.54
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS Java (HTTP Service) versions antérieures à 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	Business Warehouse	SAP Business Warehouse versions antérieures à 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 782
SAP	Business Warehouse	SAP Business Warehouse versions antérieures à 700, 701, 702, 711, 730, 731, 740, 750 et 782
SAP	N/A	SAP Banking Services (Generic Market Data) versions antérieures à 400, 450 et 500
SAP	N/A	SAP Master Data Governance versions antérieures à 748, 749, 750, 751, 752, 800, 801, 802, 803 et 804
SAP	N/A	SAP GUI FOR WINDOWS versions antérieures à 7.60

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 12 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP Business Client versions ant\u00e9rieures \u00e0 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BusinessObjects Business Intelligence platform (Web Intelligence HTML interface) versions ant\u00e9rieures \u00e0 410 et 420",
      "product": {
        "name": "SAP BusinessObjects Business Intelligence",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Warehouse versions ant\u00e9rieures \u00e0 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 782",
      "product": {
        "name": "Business Warehouse",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver Master Data Management versions ant\u00e9rieures \u00e0 7.10, 7.10.750 et 710",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP versions ant\u00e9rieures \u00e0 740, 750, 751, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP BW4HANA versions ant\u00e9rieures \u00e0 100 et 200",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP 3D Visual Enterprise Viewer versions ant\u00e9rieures \u00e0 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce Cloud versions ant\u00e9rieures \u00e0 1808, 1811, 1905, 2005 et 2011",
      "product": {
        "name": "Commerce Cloud",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA versions ant\u00e9rieures \u00e0 7.20, 7.30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP EPM ADD-IN versions ant\u00e9rieures \u00e0 2.8 et 1010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (Key Storage Service) versions ant\u00e9rieures \u00e0 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Automated Note Search Tool (SAP Basis) versions ant\u00e9rieures \u00e0 7.0, 7.01,7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 et 7.54",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS Java (HTTP Service) versions ant\u00e9rieures \u00e0 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Warehouse versions ant\u00e9rieures \u00e0 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 782",
      "product": {
        "name": "Business Warehouse",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Warehouse versions ant\u00e9rieures \u00e0 700, 701, 702, 711, 730, 731, 740, 750 et 782",
      "product": {
        "name": "Business Warehouse",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Banking Services (Generic Market Data) versions ant\u00e9rieures \u00e0 400, 450 et 500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Master Data Governance versions ant\u00e9rieures \u00e0 748, 749, 750, 751, 752, 800, 801, 802, 803 et 804",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP GUI FOR WINDOWS versions ant\u00e9rieures \u00e0 7.60",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21446"
    },
    {
      "name": "CVE-2021-21449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21449"
    },
    {
      "name": "CVE-2020-6307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6307"
    },
    {
      "name": "CVE-2021-21467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21467"
    },
    {
      "name": "CVE-2021-21466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21466"
    },
    {
      "name": "CVE-2020-26816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26816"
    },
    {
      "name": "CVE-2020-26838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26838"
    },
    {
      "name": "CVE-2020-6224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6224"
    },
    {
      "name": "CVE-2021-21451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21451"
    },
    {
      "name": "CVE-2021-21464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21464"
    },
    {
      "name": "CVE-2021-21468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21468"
    },
    {
      "name": "CVE-2020-6256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6256"
    },
    {
      "name": "CVE-2021-21459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21459"
    },
    {
      "name": "CVE-2021-21462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21462"
    },
    {
      "name": "CVE-2020-26820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26820"
    },
    {
      "name": "CVE-2021-21460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21460"
    },
    {
      "name": "CVE-2021-21445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21445"
    },
    {
      "name": "CVE-2021-21453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21453"
    },
    {
      "name": "CVE-2021-21448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21448"
    },
    {
      "name": "CVE-2021-21456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21456"
    },
    {
      "name": "CVE-2021-21450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21450"
    },
    {
      "name": "CVE-2021-21470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21470"
    },
    {
      "name": "CVE-2021-21447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21447"
    },
    {
      "name": "CVE-2021-21465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21465"
    },
    {
      "name": "CVE-2021-21458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21458"
    },
    {
      "name": "CVE-2021-21463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21463"
    },
    {
      "name": "CVE-2021-21455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21455"
    },
    {
      "name": "CVE-2021-21454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21454"
    },
    {
      "name": "CVE-2021-21461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21461"
    },
    {
      "name": "CVE-2021-21457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21457"
    },
    {
      "name": "CVE-2021-21452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21452"
    },
    {
      "name": "CVE-2021-21469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21469"
    }
  ],
  "initial_release_date": "2021-01-12T00:00:00",
  "last_revision_date": "2021-01-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-017",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 12 janvier 2021",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476"
    }
  ]
}

GHSA-8R9Q-9PVC-52XQ

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2023-02-10 18:30

Details

When security guidelines for SAP NetWeaver Master Data Management, versions 7.10, 710, and 710.750, running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-21469"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-12T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "When security guidelines for SAP NetWeaver Master Data Management, versions 7.10, 710, and 710.750, running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.",
  "id": "GHSA-8r9q-9pvc-52xq",
  "modified": "2023-02-10T18:30:29Z",
  "published": "2022-05-24T17:38:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21469"
    },
    {
      "type": "WEB",
      "url": "https://i7p.wdf.sap.corp/sap/support/notes/2993032"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2993032"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2021-21469

Vulnerability from fkie_nvd - Published: 2021-01-12 15:15 - Updated: 2024-11-21 05:48

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cna@sap.com	https://launchpad.support.sap.com/#/notes/2993032	Permissions Required, Vendor Advisory
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2993032	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	netweaver_master_data_management	7.10
sap	netweaver_master_data_management	7.10.750
sap	netweaver_master_data_management	710

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver_master_data_management:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B5149D3-9D8D-4DD9-B2F1-C92DE398107F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_master_data_management:7.10.750:*:*:*:*:*:*:*",
              "matchCriteriaId": "071CC928-964B-4CCB-AA4B-C61B4EB9AF0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_master_data_management:710:*:*:*:*:*:*:*",
              "matchCriteriaId": "18569141-CFE0-4829-A44E-343ADBD2E17E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure."
    },
    {
      "lang": "es",
      "value": "Cuando las pautas de seguridad para SAP NetWeaver Master Data Management que se ejecutan en Windows no han sido revisadas a fondo, puede ser posible que un operador externo intente establecer rutas personalizadas en la configuraci\u00f3n del servidor MDS. Cuando no ha sido aplicada una protecci\u00f3n adecuada en ning\u00fan nivel (p. Ej., La contrase\u00f1a del servidor MDS no se ha establecido, la configuraci\u00f3n de la red y del sistema operativo no est\u00e1 apropiadamente protegida, etc.), un usuario malicioso puede definir rutas UNC que luego podr\u00edan ser explotadas para poner el sistema en riesgo usando un llamado ataque de retransmisi\u00f3n SMB y obtener datos altamente confidenciales, lo que conlleva a una divulgaci\u00f3n de informaci\u00f3n"
    }
  ],
  "id": "CVE-2021-21469",
  "lastModified": "2024-11-21T05:48:26.140",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "cna@sap.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-12T15:15:16.187",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2993032"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2993032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2021-03698

Vulnerability from cnvd - Published: 2021-01-18

Title

SAP NetWeaver Master Data Management信息泄露漏洞（CNVD-2021-03698）

Description

SAP NetWeaver Master Data Management（SAP MDM）是德国SAP公司的一款用于管理企业间协同合作的软件。 SAP NetWeaver Master Data Management中存在安全漏洞，攻击者可以利用该漏洞获取敏感信息。

Severity

中

Patch Name

SAP NetWeaver Master Data Management信息泄露漏洞（CNVD-2021-03698）的补丁

Patch Description

SAP NetWeaver Master Data Management（SAP MDM）是德国SAP公司的一款用于管理企业间协同合作的软件。 SAP NetWeaver Master Data Management中存在安全漏洞，攻击者可以利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-21469

Impacted products

Name
['SAP NetWeaver Master Data Management 7.10', 'SAP NetWeaver Master Data Management 710', 'SAP NetWeaver Master Data Management 710.750']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21469",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-21469"
    }
  },
  "description": "SAP NetWeaver Master Data Management\uff08SAP MDM\uff09\u662f\u5fb7\u56fdSAP\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u7ba1\u7406\u4f01\u4e1a\u95f4\u534f\u540c\u5408\u4f5c\u7684\u8f6f\u4ef6\u3002\n\nSAP NetWeaver Master Data Management\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-03698",
  "openTime": "2021-01-18",
  "patchDescription": "SAP NetWeaver Master Data Management\uff08SAP MDM\uff09\u662f\u5fb7\u56fdSAP\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u7ba1\u7406\u4f01\u4e1a\u95f4\u534f\u540c\u5408\u4f5c\u7684\u8f6f\u4ef6\u3002\r\n\r\nSAP NetWeaver Master Data Management\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP NetWeaver Master Data Management\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-03698\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP NetWeaver Master Data Management 7.10",
      "SAP NetWeaver Master Data Management 710",
      "SAP NetWeaver Master Data Management 710.750"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-21469",
  "serverity": "\u4e2d",
  "submitTime": "2021-01-14",
  "title": "SAP NetWeaver Master Data Management\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-03698\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-21469 (GCVE-0-2021-21469)

GSD-2021-21469

CERTFR-2021-AVI-017

Solution

GHSA-8R9Q-9PVC-52XQ

FKIE_CVE-2021-21469

CNVD-2021-03698

Tags

Sightings

Nomenclature