Search
Find a vulnerability
Search criteria
4 vulnerabilities found for infrabox by sap
CVE-2021-33706 (GCVE-0-2021-33706)
Vulnerability from nvd – Published: 2021-08-10 14:10 – Updated: 2024-08-03 23:58
VLAI
Summary
Due to improper input validation in InfraBox, logs can be modified by an authenticated user.
Severity
4.3 (Medium)
CWE
- Improper input validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/SAP/InfraBox/security/advisori… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/SAP/InfraBox/security/advisories/GHSA-gw7h-9xvm-83qh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InfraBox",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to improper input validation in InfraBox, logs can be modified by an authenticated user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T14:10:54.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAP/InfraBox/security/advisories/GHSA-gw7h-9xvm-83qh"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-33706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InfraBox",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "\u003c1.2.2"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to improper input validation in InfraBox, logs can be modified by an authenticated user."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SAP/InfraBox/security/advisories/GHSA-gw7h-9xvm-83qh",
"refsource": "MISC",
"url": "https://github.com/SAP/InfraBox/security/advisories/GHSA-gw7h-9xvm-83qh"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-33706",
"datePublished": "2021-08-10T14:10:54.000Z",
"dateReserved": "2021-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:58:22.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33668 (GCVE-0-2021-33668)
Vulnerability from nvd – Published: 2021-06-09 12:02 – Updated: 2024-08-03 23:58
VLAI
Summary
Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application.
Severity
5.3 (Medium)
CWE
- LDAP Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/SAP/scimono/security/advisorie… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP InfraBox |
Affected:
< 1.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP InfraBox",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "LDAP Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T12:02:26.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-33668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP InfraBox",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "1.2.1"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "LDAP Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc",
"refsource": "MISC",
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-33668",
"datePublished": "2021-06-09T12:02:26.000Z",
"dateReserved": "2021-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:58:22.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33706 (GCVE-0-2021-33706)
Vulnerability from cvelistv5 – Published: 2021-08-10 14:10 – Updated: 2024-08-03 23:58
VLAI
Summary
Due to improper input validation in InfraBox, logs can be modified by an authenticated user.
Severity
4.3 (Medium)
CWE
- Improper input validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/SAP/InfraBox/security/advisori… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/SAP/InfraBox/security/advisories/GHSA-gw7h-9xvm-83qh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InfraBox",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to improper input validation in InfraBox, logs can be modified by an authenticated user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T14:10:54.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAP/InfraBox/security/advisories/GHSA-gw7h-9xvm-83qh"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-33706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InfraBox",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "\u003c1.2.2"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to improper input validation in InfraBox, logs can be modified by an authenticated user."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SAP/InfraBox/security/advisories/GHSA-gw7h-9xvm-83qh",
"refsource": "MISC",
"url": "https://github.com/SAP/InfraBox/security/advisories/GHSA-gw7h-9xvm-83qh"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-33706",
"datePublished": "2021-08-10T14:10:54.000Z",
"dateReserved": "2021-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:58:22.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33668 (GCVE-0-2021-33668)
Vulnerability from cvelistv5 – Published: 2021-06-09 12:02 – Updated: 2024-08-03 23:58
VLAI
Summary
Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application.
Severity
5.3 (Medium)
CWE
- LDAP Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/SAP/scimono/security/advisorie… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP InfraBox |
Affected:
< 1.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP InfraBox",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "LDAP Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T12:02:26.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-33668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP InfraBox",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "1.2.1"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "LDAP Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc",
"refsource": "MISC",
"url": "https://github.com/SAP/scimono/security/advisories/GHSA-wg9g-w4fg-3qqc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-33668",
"datePublished": "2021-06-09T12:02:26.000Z",
"dateReserved": "2021-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:58:22.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}