The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3022422 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2021-03-09T14:05:51
Updated: 2021-03-09T14:05:51
Reserved: 2020-12-30T00:00:00
Link: CVE-2021-21481
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-09T15:15:14.787
Modified: 2021-03-16T17:34:45.720
Link: CVE-2021-21481
JSON object: View
Redhat Information
No data.
CWE