How severe is CVE-2021-41251?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2021-41251?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2021-41251 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased. The changes are released in version 1.52.0. Users unable to upgrade are advised to disable destination caching (it is disabled by default).

Related Vulnerabilities

CVE-2007-2479

MEDIUM

CVSS:5.9(Medium)

Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed ...

CWE-2002007

CVE-2011-4076

MEDIUM

CVSS:5.9(Medium)

OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or...

CWE-2002011

CVE-2013-3587

MEDIUM

CVSS:5.9(Medium)

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle at...

CWE-2002013

CVE-2013-6681

MEDIUM

CVSS:5.9(Medium)

Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability

CWE-2002013

CVE-2014-2359

MEDIUM

CVSS:5.9(Medium)

OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data.

CWE-2002014

CVE-2014-4024

MEDIUM

CVSS:5.9(Medium)

SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used ...

CWE-2002014