SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade.

Related CVEs

CVE-2021-21472

Key Information

GHSA ID

GHSA-wqmg-hcjv-rh39

Published

May 24, 2022 5:41 PM

Last Modified

August 8, 2023 3:31 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 26, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.