PT-2021-14548 · SAP · SAP NetWeaver Master Data Management

Published: 2021-04-13 · Updated: 2021-04-21 · CVE-2021-21482

CVSS v3.1: 8.3 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver Master Data Management versions 710 through 710.750

Description

The issue allows a malicious unauthorized user with access to the MDM Server subnet to potentially find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges, leading to information disclosure and affecting the confidentiality and integrity of the application. This occurs when security guidelines and recommendations concerning administrative accounts of an SAP NetWeaver Master Data Management installation have not been thoroughly reviewed.

Recommendations

For SAP NetWeaver Master Data Management versions 710 through 710.750, ensure that security guidelines and recommendations concerning administrative accounts are thoroughly reviewed and implemented to prevent brute force attacks on passwords. Consider temporarily restricting access to administrative privileges until the security guidelines are fully implemented.

Fix


Related Identifiers

CVE-2021-21482

Affected Products

SAP NetWeaver Master Data Management