CVE-2021-44232

HIGH

SAF-T Framework - Path Traversal in Transaction SAFTN_G

Title source: llm

Description

SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by a normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.

References (2)

Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3124094

Scores

CVSS v3 7.7
EPSS 0.0047
EPSS Percentile 64.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (14)
sap/saf-t_framework 103
sap/saf-t_framework 104
sap/saf-t_framework 105
sap/saf-t_framework 602
sap/saf-t_framework 603
sap/saf-t_framework 604
sap/saf-t_framework 605
sap/saf-t_framework 606
sap/saf-t_framework 618
sap/saf-t_framework 720
... and 4 more
Published Dec 14, 2021
Tracked Since Feb 18, 2026