ID

VAR-202101-1438


CVE

CVE-2021-21448


TITLE

Vulnerability regarding inadequate protection of credentials in SAP GUI for Windows

Trust: 0.8

sources: JVNDB: JVNDB-2021-002436

DESCRIPTION

SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PC's memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on the client PC and not via the network, and the attacker needs at least the user authorization of the victim's operating system user. SAP GUI for Windows contains a vulnerability regarding inadequate protection of credentials. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2021-21448 // JVNDB: JVNDB-2021-002436

AFFECTED PRODUCTS

vendor: sap, model: graphical user interface, scope: eq, version: 7.60

Trust: 1.0

vendor: sap, model: gui, scope: eq, version: 7.60

Trust: 0.8

vendor: sap, model: gui, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002436 // NVD: CVE-2021-21448

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21448
value: MEDIUM

Trust: 1.0

cna@sap.com: CVE-2021-21448
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-21448
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-786
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-21448
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-21448
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.1

Trust: 1.0

cna@sap.com: CVE-2021-21448
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2021-21448
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-002436 // CNNVD: CNNVD-202101-786 // NVD: CVE-2021-21448 // NVD: CVE-2021-21448

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype: Inadequate protection of credentials (CWE-522) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-002436 // NVD: CVE-2021-21448

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-786

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-786

PATCH

title: SAP Security Patch Day - January 2021
url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

Trust: 0.8

title: SAP GUI for Windows Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139711

Trust: 0.6

sources: JVNDB: JVNDB-2021-002436 // CNNVD: CNNVD-202101-786

EXTERNAL IDS

db: NVD, id: CVE-2021-21448

Trust: 2.4

db: JVNDB, id: JVNDB-2021-002436

Trust: 0.8

db: CNNVD, id: CNNVD-202101-786

Trust: 0.6

sources: JVNDB: JVNDB-2021-002436 // CNNVD: CNNVD-202101-786 // NVD: CVE-2021-21448

REFERENCES

url:https://launchpad.support.sap.com/#/notes/2992269

Trust: 1.6

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=564760476

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-21448

Trust: 1.4

url:https://i7p.wdf.sap.corp/sap/support/notes/2992269

Trust: 0.6

url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-january-2021-34277

Trust: 0.6

sources: JVNDB: JVNDB-2021-002436 // CNNVD: CNNVD-202101-786 // NVD: CVE-2021-21448

SOURCES

db: JVNDB, id: JVNDB-2021-002436
db: CNNVD, id: CNNVD-202101-786
db: NVD, id: CVE-2021-21448

LAST UPDATE DATE

2024-11-23T23:04:07.143000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-002436, date: 2021-09-15T08:57:00
db: CNNVD, id: CNNVD-202101-786, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2021-21448, date: 2024-11-21T05:48:23.667

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-002436, date: 2021-09-15T00:00:00
db: CNNVD, id: CNNVD-202101-786, date: 2021-01-12T00:00:00
db: NVD, id: CVE-2021-21448, date: 2021-01-12T15:15:14.610