Lucene search

SapCVELIST:CVE-2021-33668

HistoryJun 09, 2021 - 12:02 p.m.

CVE-2021-33668

2021-06-0912:02:26

sap

www.cve.org

improper input sanitization

ldap queries

unauthenticated user

confidentiality

impact

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

55.9%

JSON

Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application.

CNA Affected

[
  {
    "product": "SAP InfraBox",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.2.1"
      }
    ]
  }
]

References

github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.002

Percentile

55.9%

JSON

Related for CVELIST:CVE-2021-33668