How severe is CVE-2021-21480?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Is CVE-2021-21480 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sap Se Manufacturing Integration And Intelligence

Q: What is CVE-2021-21480?

CVE-2021-21480 is a critical-severity vulnerability in Sap Se Manufacturing Integration And Intelligence. CVSS score: 9.9/10. Published 2021-03-09.

CVE-2021-21480

SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When…

EPSS: 0.509 (98.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Sap Se Manufacturing Integration And Intelligence — versions < 15.1, < 15.2, < 15.3

Public proof-of-concept exploits

References

wiki.scn.sap.com/wiki/pages/viewpage.action (x_refsource_MISC)
launchpad.support.sap.com/ (x_refsource_MISC)
20210614 Onapsis Security Advisory 2021-0012: SAP Manufacturing Integration and Intelligence lack of server side validations leads to RCE (mailing-list, x_refsource_FULLDISC)
packetstormsecurity.com/files/163164/SAP-XMII-Remote-Code-Execution.html (x_refsource_MISC)
www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-21480?: CVE-2021-21480 is a critical-severity vulnerability in Sap Se Manufacturing Integration And Intelligence. CVSS score: 9.9/10. Published 2021-03-09.
How severe is CVE-2021-21480?: Critical severity. CVSS v3 base score is 9.9 out of 10.
Is CVE-2021-21480 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.