CVE-2021-33692 – CVE-2021-33692 is a path traversal vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2021-33692?

CVE-2021-33692 has a CVSS score of 7.5 (HIGH). CVE-2021-33692 is a path traversal vulnerability in SAP Cloud Connector that allows attackers to upload malicious zip backup files containing directory traversal sequences ('..' and '/') to escape restricted locations and access unauthorized files or directories. This affects organizations using SAP Cloud Connector version 2.0 for connecting on-premise systems to SAP Cloud Platform.

📋 TL;DR

CVE-2021-33692 is a path traversal vulnerability in SAP Cloud Connector that allows attackers to upload malicious zip backup files containing directory traversal sequences ('..' and '/') to escape restricted locations and access unauthorized files or directories. This affects organizations using SAP Cloud Connector version 2.0 for connecting on-premise systems to SAP Cloud Platform.

💻 Affected Systems

Products:

SAP Cloud Connector

Versions: Version 2.0

Operating Systems: All supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects backup upload functionality in version 2.0. Later versions are not vulnerable.

📦 What is this software?

Cloud Connector by Sap

View all CVEs affecting Cloud Connector →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive configuration files, system files, or potentially write files to execute arbitrary code, leading to complete system compromise.

🟠

Likely Case

Unauthorized file access leading to information disclosure of configuration data, credentials, or other sensitive files stored on the server.

🟢

If Mitigated

Limited impact with proper input validation and file upload restrictions in place.

🌐 Internet-Facing: MEDIUM - Requires access to backup upload functionality which may be exposed to authenticated users.

🏢 Internal Only: HIGH - Internal attackers or compromised accounts could exploit this to escalate privileges and access sensitive data.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires access to backup upload functionality and knowledge of directory traversal techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Security Note 3058553

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3058553

Restart Required: Yes

Instructions:

1. Download SAP Security Note 3058553 from SAP Support Portal. 2. Apply the patch to SAP Cloud Connector 2.0. 3. Restart the SAP Cloud Connector service.

🔧 Temporary Workarounds

Disable Backup Upload

all

Temporarily disable backup upload functionality until patch can be applied.

Modify configuration to restrict backup upload access

Input Validation

all

Implement additional validation for zip file contents to detect path traversal sequences.

Implement file validation in application code

🧯 If You Can't Patch

Restrict network access to SAP Cloud Connector backup functionality
Implement strict file upload validation and monitoring for suspicious backup activities

🔍 How to Verify

Check if Vulnerable:

Check if running SAP Cloud Connector version 2.0 without Security Note 3058553 applied.

Check Version:

Check SAP Cloud Connector administration interface or configuration files for version information.

Verify Fix Applied:

Verify Security Note 3058553 is applied and test backup upload with malicious zip files containing traversal sequences.

📡 Detection & Monitoring

Log Indicators:

Unusual backup upload activities
Failed attempts to access restricted directories via backup upload

Network Indicators:

Suspicious file upload patterns to backup endpoints

SIEM Query:

source="sap-cloud-connector" AND (event="backup_upload" OR file_upload="*.zip")

📊 Metadata

CVE ID: CVE-2021-33692

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

Published: September 15, 2021

Last Updated: November 21, 2024

🔗 References

https://launchpad.support.sap.com/#/notes/3058553 Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 Patch,Vendor Advisory
https://launchpad.support.sap.com/#/notes/3058553 Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-33692, you might also want to check these: