← Back

CVE-2021-44232

nvd nist
Published: Dec 14, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.7
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 3.1 / Impact: 4.0
Source: NVD

Description

SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.

Affected (14)

Products: Sap: Saf T Framework
Sap
1 product
Saf T Framework
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Saf T Framework
Version 103
Saf T Framework
Version 104
Saf T Framework
Version 105
Saf T Framework
Version 602
Saf T Framework
Version 603
Saf T Framework
Version 604
Saf T Framework
Version 605
Saf T Framework
Version 606
Saf T Framework
Version 618
Saf T Framework
Version 720
Saf T Framework
Version 730
Saf T Framework
Version s4core_102
Saf T Framework
Version sap_appl_600
Saf T Framework
Version sap_fin_617

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

Source: cna@sap.com
Vendor Advisory
Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory

Timeline

No history available yet.