Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-21469

MEDIUM
Published 2021-01-12T14:44:32
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-21469. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.0
5.3
/10
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.002
probability
of exploitation in the wild

There is a 0.2% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.429
Higher than 42.9% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Description

When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

SAP SE

SAP NetWeaver Master Data Management

Affected Versions:

< 7.10 < 710 < 710.750

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-8r9q-9pvc-52xq

Advisory Details

When security guidelines for SAP NetWeaver Master Data Management, versions 7.10, 710, and 710.750, running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-21469
WEB https://i7p.wdf.sap.corp/sap/support/notes/2993032
WEB https://launchpad.support.sap.com/#/notes/2993032
WEB https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: February 10, 2023

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
https://launchpad.support.sap.com/#/notes/2993032
Published: 2021-01-12T14:44:32
Last Modified: 2024-08-03T18:16:22.563Z
Copied to clipboard!