Input validation error in SAP Cloud Connector - CVE-2021-33695

 

Input validation error in SAP Cloud Connector - CVE-2021-33695

Published: August 13, 2021


Vulnerability identifier: #VU55833
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-33695
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: SAP
Affected software:
SAP Cloud Connector

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker on the local network can send specially crafted input to the application and bypass security restrictions.

Successful vulnerability exploitation may result in information disclosure or unauthorized data modification.


How to mitigate CVE-2021-33695

Install updates from vendor's website.

Sources