Input validation error in SAP Cloud Connector

#VU55836 Input validation error in SAP Cloud Connector

Published: 2021-08-13

Vulnerability identifier: #VU55836

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33692

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
SAP Cloud Connector
Client/Desktop applications / Software for system administration

Vendor: SAP

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker on the local network can send specially crafted input to the application and bypass security restrictions.

Successful vulnerability exploitation may result in information disclosure or unauthorized data modification.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SAP Cloud Connector: 2.0

CPE

cpe:2.3:a:sap:sap_cloud_connector:2.0:*:*:*:*:*:*:*

External links
http://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in SAP Cloud Connector