CVE-2021-21472 MEDIUM

Vendor SAP SE
Product SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1)
Published February 9, 2021
Last update August 3, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set a password during its installation. This allows an authenticated attacker to perform various attacks such as directory traversal, password brute-force, SMB relay, and security downgrade.

Key dates

02 Disclosure timeline

February 9, 2021 CVE published
August 3, 2024 Record updated