Cyber Resilience

CVE-2021-21482

High

Published: 13 April 2021

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0009 (25.9th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-21482 is a high-severity vulnerability, with no weakness type specified, in SAP NetWeaver Master Data Management. Its CVSS base score is 8.3 (High).

Operationally, it ranks at the 25.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges leading to information disclosure vulnerability thereby affecting the confidentiality and integrity of the application. This happens when security guidelines and recommendations concerning administrative accounts of an SAP NetWeaver Master Data Management installation have not been thoroughly reviewed.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

sap
netweaver master data management
7.10.750, 710

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References