nvd-json-data-feeds/CVE-2021/CVE-2021-336xx/CVE-2021-33671.json

{
  "id": "CVE-2021-33671",
  "sourceIdentifier": "cna@sap.com",
  "published": "2021-07-14T12:15:08.273",
  "lastModified": "2021-07-16T16:20:40.487",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data."
    },
    {
      "lang": "es",
      "value": "SAP NetWeaver Guided Procedures (Administration Workset), versiones - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, no lleva a cabo las comprobaciones de autorizaci\u00f3n necesarias para un usuario autenticado, resultando en una escalada de privilegios. El impacto de la falta de autorizaci\u00f3n podr\u00eda resultar en el abuso de la funcionalidad restringida a un grupo de usuarios en particular, y podr\u00eda permitir a usuarios no autorizados a leer, modificar o eliminar los datos restringidos"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV30": [
      {
        "source": "cna@sap.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "availabilityImpact": "LOW",
          "baseScore": 7.6,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "06CA0A75-184C-42FC-A1FD-19545165A380"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "21D40F4E-E064-4120-99EE-5108094F768A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "402FF7B9-8F4D-48D4-917B-C22A1AA03CB3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "68707EF8-8FD7-42C1-B5D0-223B716EDB9C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC69EB62-C662-468B-9490-CF72210F5A55"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_guided_procedures:7.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2B90227-A617-4C0D-B787-FF989B3BA12D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://launchpad.support.sap.com/#/notes/3059446",
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ]
    },
    {
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}