Lucene search

[email protected]NVD:CVE-2021-44232

HistoryDec 14, 2021 - 4:15 p.m.

CVE-2021-44232

2021-12-1416:15:09

CWE-22

[email protected]

web.nvd.nist.gov

saf-t framework

transaction saftn_g

insufficient validation

server directory access

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

46.8%

JSON

SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.

Affected configurations

Nvd

Node

sapsaf-t_frameworkMatch103

sapsaf-t_frameworkMatch104

sapsaf-t_frameworkMatch105

sapsaf-t_frameworkMatch602

sapsaf-t_frameworkMatch603

sapsaf-t_frameworkMatch604

sapsaf-t_frameworkMatch605

sapsaf-t_frameworkMatch606

sapsaf-t_frameworkMatch618

sapsaf-t_frameworkMatch720

sapsaf-t_frameworkMatch730

sapsaf-t_frameworkMatchs4core_102

sapsaf-t_frameworkMatchsap_appl_600

sapsaf-t_frameworkMatchsap_fin_617

VendorProductVersionCPE
sapsaf-t_framework103cpe:2.3:a:sap:saf-t_framework:103:*:*:*:*:*:*:*
sapsaf-t_framework104cpe:2.3:a:sap:saf-t_framework:104:*:*:*:*:*:*:*
sapsaf-t_framework105cpe:2.3:a:sap:saf-t_framework:105:*:*:*:*:*:*:*
sapsaf-t_framework602cpe:2.3:a:sap:saf-t_framework:602:*:*:*:*:*:*:*
sapsaf-t_framework603cpe:2.3:a:sap:saf-t_framework:603:*:*:*:*:*:*:*
sapsaf-t_framework604cpe:2.3:a:sap:saf-t_framework:604:*:*:*:*:*:*:*
sapsaf-t_framework605cpe:2.3:a:sap:saf-t_framework:605:*:*:*:*:*:*:*
sapsaf-t_framework606cpe:2.3:a:sap:saf-t_framework:606:*:*:*:*:*:*:*
sapsaf-t_framework618cpe:2.3:a:sap:saf-t_framework:618:*:*:*:*:*:*:*
sapsaf-t_framework720cpe:2.3:a:sap:saf-t_framework:720:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	saf-t_framework	103	cpe:2.3:a:sap:saf-t_framework:103:::::::*
sap	saf-t_framework	104	cpe:2.3:a:sap:saf-t_framework:104:::::::*
sap	saf-t_framework	105	cpe:2.3:a:sap:saf-t_framework:105:::::::*
sap	saf-t_framework	602	cpe:2.3:a:sap:saf-t_framework:602:::::::*
sap	saf-t_framework	603	cpe:2.3:a:sap:saf-t_framework:603:::::::*
sap	saf-t_framework	604	cpe:2.3:a:sap:saf-t_framework:604:::::::*
sap	saf-t_framework	605	cpe:2.3:a:sap:saf-t_framework:605:::::::*
sap	saf-t_framework	606	cpe:2.3:a:sap:saf-t_framework:606:::::::*
sap	saf-t_framework	618	cpe:2.3:a:sap:saf-t_framework:618:::::::*
sap	saf-t_framework	720	cpe:2.3:a:sap:saf-t_framework:720:::::::*

Rows per page:

1-10 of 141

References

launchpad.support.sap.com/#/notes/3124094

wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

46.8%

JSON

Related for NVD:CVE-2021-44232

prion1 cvelist1 cve1