CVE-2021-27610

CRITICAL Year: 2021
CVSS v3 Score
9.0
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-287
View all →

Vulnerability Description

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.

Related Vulnerabilities

CVE-2017-2914

CRITICAL
CVSS:9.0(Critical)

An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid bi...

CWE-2872017

CVE-2020-2018

CRITICAL
CVSS:9.0(Critical)

An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewa...

CWE-2872020

CVE-2020-4427

CRITICAL
CVSS:9.0(Critical)

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafte...

CWE-2872020

CVE-2020-7293

CRITICAL
CVSS:9.0(Critical)

Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user with low permissions to change the system's root password via improper access con...

CWE-2872020

CVE-2021-45917

CRITICAL
CVSS:9.0(Critical)

The server-request receiver function of Shockwall system has an improper authentication vulnerability. An authenticated attacker of an agent computer within the local area network can use the local re...

CWE-2872021