CVE-2021-21481 CRITICAL

Vendor SAP SE
Product SAP NetWeaver AS JAVA (MigrationService)
Published March 9, 2021
Last update August 3, 2024

CVSS base score

9.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including those that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.

Key dates

02 Disclosure timeline

March 9, 2021 CVE published
August 3, 2024 Record updated