Published: 09/03/2021 Updated: 16/03/2021

CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 739

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized malicious user to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap netweaver 7.10
sap netweaver 7.11
sap netweaver 7.20
sap netweaver 7.30
sap netweaver 7.31
sap netweaver 7.40
sap netweaver 7.50

NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches

The Register • Thomas Claburn in San Francisco • 13 Apr 2021

100+ fixes for the Windows world – plus holes in SAP, Adobe, FreeBSD, etc SAP: It takes exploit devs about 72 hours to turn one of our security patches into a weapon against customers

Patch Tuesday April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA). Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploited. Nin...

CVE-2021-21481

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect