Multiple vulnerabilities in SAP Cloud Connector
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2021-33692 CVE-2021-33693 CVE-2021-33694 CVE-2021-33695 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
SAP Cloud Connector Client/Desktop applications / Software for system administration |
| Vendor | SAP |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU55836
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-33692
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker on the local network can send specially crafted input to the application and bypass security restrictions.
Successful vulnerability exploitation may result in information disclosure or unauthorized data modification.
Install updates from vendor's website.
Vulnerable software versionsSAP Cloud Connector: 2.0
CPE2.3 External linkshttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU55835
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-33693
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker on the local network can send specially crafted input to the application and bypass security restrictions.
Successful vulnerability exploitation may result in information disclosure or unauthorized data modification.
Install updates from vendor's website.
Vulnerable software versionsSAP Cloud Connector: 2.0
CPE2.3 External linkshttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU55834
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-33694
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker on the local network can send specially crafted input to the application and bypass security restrictions.
Successful vulnerability exploitation may result in information disclosure or unauthorized data modification.
Install updates from vendor's website.
Vulnerable software versionsSAP Cloud Connector: 2.0
CPE2.3 External linkshttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU55833
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-33695
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker on the local network can send specially crafted input to the application and bypass security restrictions.
Successful vulnerability exploitation may result in information disclosure or unauthorized data modification.
Install updates from vendor's website.
Vulnerable software versionsSAP Cloud Connector: 2.0
CPE2.3 External linkshttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
