PT-2021-14543 · SAP · SAP Master Data Management

Published: 2021-02-09 · Updated: 2021-02-16 · CVE-2021-21475

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SAP Master Data Management versions 710 through 710.750

Description: The issue allows an unauthorized attacker to exploit insufficient validation of user-supplied path information. Character sequences meaning "traverse to parent directory" are passed through unchanged to the file APIs, resulting in a directory traversal vulnerability. The attacker could read the content of arbitrary files on the remote server and expose sensitive data.

Recommendations: For SAP Master Data Management versions 710 through 710.750, consider restricting access to the file APIs to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the functionality that allows user-provided path information to be passed to the file APIs could help mitigate the issue.
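The root cause described above (parent-directory sequences reaching the file API unchecked) and the recommended workaround suggest two defensive controls: canonicalize every user-supplied path and confine it to an allowed base directory before any file API is called, and watch access logs for traversal markers while the system is unpatched. The following is an added example written for this advisory; it is not SAP code and does not reflect how SAP Master Data Management handles paths internally. The base directory, the request format and the log lines are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical document root used for the example (assumption, not from the advisory).
BASE_DIR = "/srv/mdm/exports"


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would escape the allowed base directory."""


def resolve_within(base_dir: str, user_path: str) -> str:
    """Return the canonical path of user_path inside base_dir, or raise.

    The path is percent-decoded once (so "%2e%2e/" is seen as "../"), then
    normalized, then checked against base_dir. If the web layer has already
    decoded the value, do not decode again: double decoding is itself a bypass.
    Symlinks are not followed here; on a real host use os.path.realpath on an
    existing base directory and apply the same containment check.
    """
    decoded = unquote(user_path)
    # Absolute paths, backslashes and NUL bytes are never valid relative names.
    if decoded.startswith("/") or "\\" in decoded or "\x00" in decoded:
        raise PathTraversalError(f"rejected path: {user_path!r}")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    # Compare against base + "/" so that "/srv/mdm/exports2" does not pass a
    # plain prefix test for base "/srv/mdm/exports".
    if candidate != base and not candidate.startswith(base + "/"):
        raise PathTraversalError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_within(base_dir: str, user_path: str) -> bool:
    """Boolean form of resolve_within for callers that only need a verdict."""
    try:
        resolve_within(base_dir, user_path)
        return True
    except PathTraversalError:
        return False


# Markers of parent-directory traversal as they commonly appear in request
# lines, including single-percent-encoded forms. Compared case-insensitively.
TRAVERSAL_MARKERS = ("../", "..\\", "%2e%2e", "..%2f", "..%5c")


def flag_traversal_requests(log_lines):
    """Return request paths from combined-format log lines that carry a traversal marker."""
    hits = []
    for line in log_lines:
        request = line.split('"')[1]          # e.g. 'GET /path HTTP/1.1'
        path = request.split(" ")[1]
        if any(marker in path.lower() for marker in TRAVERSAL_MARKERS):
            hits.append(path)
    return hits


# Constructed sample log lines (not real traffic) for the detection function.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [09/Feb/2021:10:00:01 +0000] "GET /mdm/export?file=report.xml HTTP/1.1" 200 512',
    '10.0.0.9 - - [09/Feb/2021:10:00:07 +0000] "GET /mdm/export?file=../../../../etc/hostname HTTP/1.1" 200 64',
    '10.0.0.9 - - [09/Feb/2021:10:00:09 +0000] "GET /mdm/export?file=..%2F..%2Fconfig.ini HTTP/1.1" 200 300',
]


if __name__ == "__main__":
    for requested in ("reports/2021/q1.xml", "reports/../other.xml", "../../etc/hostname"):
        print(requested, "->", "allowed" if is_within(BASE_DIR, requested) else "blocked")
    for path in flag_traversal_requests(SAMPLE_ACCESS_LOG):
        print("suspicious request:", path)
```

Note that "reports/../other.xml" is accepted: normalization resolves it to a file that is still inside the base directory, which is the point of checking the canonical result rather than rejecting on the presence of ".." alone. The log check, by contrast, deliberately flags any parent-directory marker, since for monitoring purposes a false positive is cheaper than a missed read.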

Fix

Path traversal


Weakness Enumeration

Related Identifiers: CVE-2021-21475

Affected Products: SAP Master Data Management