CVE-2021-27610 Vulnerability Details

  /     /     /  

CVE-2021-27610 Metadata Quick Info

CVE Published: 16/06/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: sap | Vendor: SAP SE | Product: SAP NetWeaver AS ABAP and ABAP Platform
Status : PUBLISHED

---

CVE-2021-27610 Description

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Improper Authentication
Source: SAP SE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).