Insufficient Logging

CVE-2021-33689

Medium

4.3/10

Summary

When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-778 - Insufficient Logging

When a security-critical event occurs, the software either does not record the event or omits important details about the event when logging it.

References

Advisory Timeline

Published Jul 14, 2021

Insufficient Logging

CVE-2021-33689

Summary

CWE-778 - Insufficient Logging

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS