Multiple vulnerabilities in SAP Cloud Connector



Published: 2021-08-13
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2021-33692
CVE-2021-33693
CVE-2021-33694
CVE-2021-33695
CWE-ID CWE-20
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe
SAP Cloud Connector
Client/Desktop applications / Software for system administration

Vendor SAP

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU55836

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33692

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker on the local network can send specially crafted input to the application and bypass security restrictions.

Successful vulnerability exploitation may result in information disclosure or unauthorized data modification.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SAP Cloud Connector: 2.0


CPE2.3 External links

http://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Input validation error

EUVDB-ID: #VU55835

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33693

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker on the local network can send specially crafted input to the application and bypass security restrictions.

Successful vulnerability exploitation may result in information disclosure or unauthorized data modification.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SAP Cloud Connector: 2.0


CPE2.3 External links

http://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Input validation error

EUVDB-ID: #VU55834

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33694

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker on the local network can send specially crafted input to the application and bypass security restrictions.

Successful vulnerability exploitation may result in information disclosure or unauthorized data modification.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SAP Cloud Connector: 2.0


CPE2.3 External links

http://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Input validation error

EUVDB-ID: #VU55833

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33695

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker on the local network can send specially crafted input to the application and bypass security restrictions.

Successful vulnerability exploitation may result in information disclosure or unauthorized data modification.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SAP Cloud Connector: 2.0


CPE2.3 External links

http://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###