Vulnerability Details : CVE-2021-21482
SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges leading to information disclosure vulnerability thereby affecting the confidentiality and integrity of the application. This happens when security guidelines and recommendations concerning administrative accounts of an SAP NetWeaver Master Data Management installation have not been thoroughly reviewed.
Vulnerability category: Information leak
Products affected by CVE-2021-21482
- cpe:2.3:a:sap:netweaver_master_data_management:7.10.750:*:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver_master_data_management:710:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-21482
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 32 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-21482
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.8
|
MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:N |
6.5
|
4.9
|
NIST | |
8.3
|
HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
2.8
|
5.5
|
SAP SE | |
8.3
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L |
2.8
|
5.5
|
NIST |
References for CVE-2021-21482
-
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
SAP Security Patch Day – April 2021 - Product Security Response at SAP - Community WikiVendor Advisory
-
https://launchpad.support.sap.com/#/notes/3017908
SAP ONE Support Launchpad: Log OnPermissions Required
Jump to