PT-2021-20269 · Sap · Sap Cloud Connector

Published 2021-09-15 · Updated 2021-09-28 · CVE-2021-33692

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SAP Cloud Connector version 2.0
Description: The issue allows attackers to inject special elements, such as .. and / separators, into a zip file uploaded as a backup. This can enable attackers to escape outside of the restricted location and access files or directories.
Recommendations: For SAP Cloud Connector version 2.0, consider restricting the upload of zip files as backups or validating the contents of uploaded zip files to prevent the injection of malicious elements until a patch is available.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-33692

Affected Products

Sap Cloud Connector