Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NSap Cloud Connector
APPSap2.0
Powiązane podatności
Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient ...
SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the appl...
SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities tha...
SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked ...
SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to in...