Details of VAR-202103-0644

ID

VAR-202103-0644

CVE

CVE-2021-21481

TITLE

SAP NetWeaver Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-004419

DESCRIPTION

The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability. SAP NetWeaver Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2021-21481 // JVNDB: JVNDB-2021-004419 // VULMON: CVE-2021-21481

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	7.30	Trust: 1.8
vendor:	sap	model:	netweaver	scope:	eq	version:	7.31	Trust: 1.8
vendor:	sap	model:	netweaver	scope:	eq	version:	7.50	Trust: 1.8
vendor:	sap	model:	netweaver	scope:	eq	version:	7.10	Trust: 1.8
vendor:	sap	model:	netweaver	scope:	eq	version:	7.11	Trust: 1.8
vendor:	sap	model:	netweaver	scope:	eq	version:	7.20	Trust: 1.8
vendor:	sap	model:	netweaver	scope:	eq	version:	7.40	Trust: 1.8
vendor:	sap	model:	netweaver	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004419 // NVD: CVE-2021-21481

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21481
value:	HIGH
Trust: 1.0
cna@sap.com:	CVE-2021-21481
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-21481
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202103-668
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-21481
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-21481
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-21481
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cna@sap.com:	CVE-2021-21481
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2021-21481
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-21481 // JVNDB: JVNDB-2021-004419 // CNNVD: CNNVD-202103-668 // NVD: CVE-2021-21481 // NVD: CVE-2021-21481

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.0
problemtype:	Bad authentication (CWE-863) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004419 // NVD: CVE-2021-21481

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-668

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-668

PATCH

title:	SAP Security Patch Day - March 2021	url:	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107	Trust: 0.8
title:	SAP Netweaver Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144380	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/sap-critical-rce-flaw-manufacturing/164666/	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2021/04/13/patch_tuesday_april/	Trust: 0.1

sources: VULMON: CVE-2021-21481 // JVNDB: JVNDB-2021-004419 // CNNVD: CNNVD-202103-668

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21481	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-004419	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-668	Trust: 0.6
db:	VULMON	id:	CVE-2021-21481	Trust: 0.1

sources: VULMON: CVE-2021-21481 // JVNDB: JVNDB-2021-004419 // CNNVD: CNNVD-202103-668 // NVD: CVE-2021-21481

REFERENCES

url:	https://launchpad.support.sap.com/#/notes/3022422	Trust: 1.7
url:	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=571343107	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21481	Trust: 0.8
url:	https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-march-2021-34786	Trust: 0.6
url:	https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-april-2021-35059	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/sap-critical-rce-flaw-manufacturing/164666/	Trust: 0.1

sources: VULMON: CVE-2021-21481 // JVNDB: JVNDB-2021-004419 // CNNVD: CNNVD-202103-668 // NVD: CVE-2021-21481

SOURCES

db:	VULMON	id:	CVE-2021-21481
db:	JVNDB	id:	JVNDB-2021-004419
db:	CNNVD	id:	CNNVD-202103-668
db:	NVD	id:	CVE-2021-21481

LAST UPDATE DATE

2024-11-23T22:25:10.103000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-21481	date:	2021-03-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-004419	date:	2021-11-22T02:06:00
db:	CNNVD	id:	CNNVD-202103-668	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-21481	date:	2024-11-21T05:48:27.593

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-21481	date:	2021-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-004419	date:	2021-11-22T00:00:00
db:	CNNVD	id:	CNNVD-202103-668	date:	2021-03-09T00:00:00
db:	NVD	id:	CVE-2021-21481	date:	2021-03-09T15:15:14.787