← Back to CVEs
CVE-2021-44232
HIGH7.7
Description
SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.
CVE Details
CVSS v3.1 Score7.7
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published12/14/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
sap:saf-t_framework
Weaknesses (CWE)
CWE-22
References
https://launchpad.support.sap.com/#/notes/3124094(cna@sap.com)
https://launchpad.support.sap.com/#/notes/3124094(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.