| Vulnerability Name: | CVE-2021-27610 (CCN-203301) | ||||||||||||
| Assigned: | 2021-06-08 | ||||||||||||
| Published: | 2021-06-08 | ||||||||||||
| Updated: | 2022-10-06 | ||||||||||||
| Summary: | SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. | ||||||||||||
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
8.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-287 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-27610 Source: XF Type: UNKNOWN sap-cve202127610-sec-bypass(203301) Source: CCN Type: SAP Web site SAP Support Note 3007182 Source: MISC Type: Permissions Required, Vendor Advisory https://launchpad.support.sap.com/#/notes/3007182 Source: CCN Type: SAP Security Patch Day - June 2021 SAP Security Patch Day - June 2021 Source: MISC Type: Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||