ByteOS Network

NVD Vulnerability Details :

CVE-2021-33692

Analyzed

Source-cna@sap.com

Published At-15 Sep, 2021 | 19:15

Updated At-28 Sep, 2021 | 14:41

SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary	3.0	5.2	MEDIUM	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

SAP SE

>>cloud_connector>>2.0

cpe:2.3:a:sap:cloud_connector:2.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://launchpad.support.sap.com/#/notes/3058553	cna@sap.com	Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806	cna@sap.com	Patch Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History