CVE-2021-21475
HIGH
SAP Master Data Management 710, 710.750 - Unauthenticated Path Traversal
Title source: llmDescription
Under specific circumstances, SAP Master Data Management versions 710 and 710.750 allow an unauthorized attacker to exploit insufficient validation of user-supplied path information, so that characters representing 'traverse to parent directory' are passed through to the file APIs. Because of this directory traversal vulnerability, the attacker could read the contents of arbitrary files on the remote server and expose sensitive data.
References (2)
Core References
https://launchpad.support.sap.com/#/notes/3000897 (Permissions Required, x_refsource_misc)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543 (Vendor Advisory, x_refsource_misc)
Scores
CVSS v3: 7.5
EPSS: 0.0053
EPSS Percentile: 67.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-22
Status: published
Products (2)
sap/netweaver_master_data_management_server 710
sap/netweaver_master_data_management_server 710.750
Published: Feb 09, 2021
Tracked Since: Feb 18, 2026