CVE-2021-33692

Click the icon to Follow me:- twitterTelegramRedditDiscord

Summary:

SAP Cloud Connector, version – 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as ‘..’ and ‘/’ separators, for attackers to escape outside of the restricted location to access files or directories.

Reference Links(if available):

  • https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
  • https://launchpad.support.sap.com/#/notes/3058553
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Available for Amazon Prime