Search
Find a vulnerability
Search criteria
2 vulnerabilities found for SCIMono by SAP SE
CVE-2021-21479 (GCVE-0-2021-21479)
Vulnerability from nvd – Published: 2021-02-09 20:49 – Updated: 2024-08-03 18:16
VLAI
KEVIntel
Summary
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.
Severity
8.1 (High)
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/SAP/scimono/security/advisorie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCIMono",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 0.0.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T20:49:20.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-21479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCIMono",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "0.0.19"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c",
"refsource": "CONFIRM",
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-21479",
"datePublished": "2021-02-09T20:49:20.000Z",
"dateReserved": "2020-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:16:22.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21479 (GCVE-0-2021-21479)
Vulnerability from cvelistv5 – Published: 2021-02-09 20:49 – Updated: 2024-08-03 18:16
VLAI
KEVIntel
Summary
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.
Severity
8.1 (High)
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/SAP/scimono/security/advisorie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCIMono",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 0.0.19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T20:49:20.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-21479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCIMono",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "0.0.19"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c",
"refsource": "CONFIRM",
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-21479",
"datePublished": "2021-02-09T20:49:20.000Z",
"dateReserved": "2020-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:16:22.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}