CVE-2021-21469

When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://launchpad.support.sap.com/#/notes/2993032	Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:netweaver_master_data_management:7.10:::::::*
	cpe:2.3:a:sap:netweaver_master_data_management:7.10.750:::::::*
	cpe:2.3:a:sap:netweaver_master_data_management:710:::::::*

History

No history.

Information

Published : 2021-01-12 15:15

Updated : 2024-02-28 18:08

NVD link : CVE-2021-21469

Mitre link : CVE-2021-21469

CVE.ORG link : CVE-2021-21469

JSON object : View

Products Affected

sap

netweaver_master_data_management

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-21469", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-01-12T15:15:16.187", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2993032", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure."}, {"lang": "es", "value": "Cuando las pautas de seguridad para SAP NetWeaver Master Data Management que se ejecutan en Windows no han sido revisadas a fondo, puede ser posible que un operador externo intente establecer rutas personalizadas en la configuraci\u00f3n del servidor MDS. Cuando no ha sido aplicada una protecci\u00f3n adecuada en ning\u00fan nivel (p. Ej., La contrase\u00f1a del servidor MDS no se ha establecido, la configuraci\u00f3n de la red y del sistema operativo no est\u00e1 apropiadamente protegida, etc.), un usuario malicioso puede definir rutas UNC que luego podr\u00edan ser explotadas para poner el sistema en riesgo usando un llamado ataque de retransmisi\u00f3n SMB y obtener datos altamente confidenciales, lo que conlleva a una divulgaci\u00f3n de informaci\u00f3n"}], "lastModified": "2023-02-10T18:13:40.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_master_data_management:7.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B5149D3-9D8D-4DD9-B2F1-C92DE398107F"}, {"criteria": "cpe:2.3:a:sap:netweaver_master_data_management:7.10.750:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "071CC928-964B-4CCB-AA4B-C61B4EB9AF0A"}, {"criteria": "cpe:2.3:a:sap:netweaver_master_data_management:710:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18569141-CFE0-4829-A44E-343ADBD2E17E"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}