CVE-2021-21472

Name of the Vulnerable Software and Affected Versions SAP Software Provisioning Manager version 1.0 SAP NetWeaver Master Data Management Server version 7.1

Description The issue allows an authenticated attacker to perform various security attacks due to the lack of an option to set a password during installation. This enables attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, and Security Downgrade.

Recommendations For SAP Software Provisioning Manager version 1.0, consider setting a strong password manually after installation to mitigate the risk. For SAP NetWeaver Master Data Management Server version 7.1, restrict access to sensitive areas of the server to minimize the risk of exploitation until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.