Information Disclosure Vulnerability in SAP NetWeaver Master Data Management
CVE-2021-21482
8.3 HIGH
Key Information:
- Vendor: SAP
- CVE Published: 13 April 2021
Summary
The vulnerability in SAP NetWeaver Master Data Management, versions 710 and 710.750, allows malicious users on the MDM Server subnet to utilize brute force methods for password retrieval. Successful exploitation can grant access to sensitive data and administrative privileges, compromising the application's confidentiality and integrity. This issue arises primarily when security practices concerning administrative account settings are inadequately enforced, putting organizations at risk of significant data breaches.
Affected Version(s)
SAP NetWeaver Master Data Management < 710
SAP NetWeaver Master Data Management < 710.750
CVSS V3.1
Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved