cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-21482,https://securityvulnerability.io/vulnerability/CVE-2021-21482,,"SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges leading to information disclosure vulnerability thereby affecting the confidentiality and integrity of the application. This happens when security guidelines and recommendations concerning administrative accounts of an SAP NetWeaver Master Data Management installation have not been thoroughly reviewed.",SAP,SAP Netweaver Master Data Management,8.3,HIGH,0.0007699999841861427,false,false,false,false,,false,false,2021-04-13T18:39:52.000Z,0
CVE-2021-21475,https://securityvulnerability.io/vulnerability/CVE-2021-21475,,"Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data.",SAP,SAP Netweaver Master Data Management Server,6.8,MEDIUM,0.0034000000450760126,false,false,false,false,,false,false,2021-02-09T20:43:48.000Z,0
CVE-2021-21472,https://securityvulnerability.io/vulnerability/CVE-2021-21472,,"SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade.",SAP,SAP Software Provisioning Manager 1.0 (SAP Netweaver Master Data Management Server 7.1),6.3,MEDIUM,0.0010300000431016088,false,false,false,false,,false,false,2021-02-09T20:43:38.000Z,0
CVE-2021-21469,https://securityvulnerability.io/vulnerability/CVE-2021-21469,,"When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure.",SAP,SAP Netweaver Master Data Management,5.3,MEDIUM,0.0017800000496208668,false,false,false,false,,false,false,2021-01-12T14:44:32.000Z,0