Details of VAR-202106-1132

ID

VAR-202106-1132

CVE

CVE-2021-27610

TITLE

SAP NetWeaver ABAP Server and ABAP Platform Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-008226

DESCRIPTION

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. SAP NetWeaver ABAP Server and ABAP Platform Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2021-27610 // JVNDB: JVNDB-2021-008226

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver as abap	scope:	eq	version:	731	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	700	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	755	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	753	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	751	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	750	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	804	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	752	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	754	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	702	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	755	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	740	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	701	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	700	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	751	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	752	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	731	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	753	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	750	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	804	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	702	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	754	Trust: 1.0
vendor:	sap	model:	netweaver abap	scope:	eq	version:	740	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	eq	version:	701	Trust: 1.0
vendor:	sap	model:	netweaver as abap	scope:	-	version:	-	Trust: 0.8
vendor:	sap	model:	netweaver abap	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-008226 // NVD: CVE-2021-27610

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-27610
value:	CRITICAL
Trust: 1.8
CNNVD:	CNNVD-202106-470
value:	CRITICAL
Trust: 0.6

NVD:	CVE-2021-27610
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

NVD:	CVE-2021-27610
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-27610
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-008226 // CNNVD: CNNVD-202106-470 // NVD: CVE-2021-27610

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Improper authentication (CWE-287) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-008226 // NVD: CVE-2021-27610

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-470

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202106-470

CONFIGURATIONS

sources: NVD: CVE-2021-27610

PATCH

title:	SAP Security Patch Day - June 2021	url:	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=578125999	Trust: 0.8
title:	SAP NetWeaver ABAP Server and ABAP Platform Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155251	Trust: 0.6

sources: JVNDB: JVNDB-2021-008226 // CNNVD: CNNVD-202106-470

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27610	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-008226	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-470	Trust: 0.6

sources: JVNDB: JVNDB-2021-008226 // CNNVD: CNNVD-202106-470 // NVD: CVE-2021-27610

REFERENCES

url:	https://launchpad.support.sap.com/#/notes/3007182	Trust: 1.6
url:	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=578125999	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27610	Trust: 0.8
url:	https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-june-2021-35633	Trust: 0.6

sources: JVNDB: JVNDB-2021-008226 // CNNVD: CNNVD-202106-470 // NVD: CVE-2021-27610

SOURCES

db:	JVNDB	id:	JVNDB-2021-008226
db:	CNNVD	id:	CNNVD-202106-470
db:	NVD	id:	CVE-2021-27610

LAST UPDATE DATE

2022-05-04T09:15:24.803000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-008226	date:	2022-03-08T07:36:00
db:	CNNVD	id:	CNNVD-202106-470	date:	2021-06-28T00:00:00
db:	NVD	id:	CVE-2021-27610	date:	2021-06-23T18:28:00

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-008226	date:	2022-03-08T00:00:00
db:	CNNVD	id:	CNNVD-202106-470	date:	2021-06-08T00:00:00
db:	NVD	id:	CVE-2021-27610	date:	2021-06-16T15:15:00