Lucene search

[email protected]CVE-2021-21446

HistoryJan 12, 2021 - 3:15 p.m.

CVE-2021-21446

2021-01-1215:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

sap

netweaver

abap

cve-2021-21446

security

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

46.6%

JSON

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service.

CPENameOperatorVersion
sap:netweaver_application_server_abapsap netweaver application server abapeq750
sap:netweaver_application_server_abapsap netweaver application server abapeq752
sap:netweaver_application_server_abapsap netweaver application server abapeq753
sap:netweaver_application_server_abapsap netweaver application server abapeq754
sap:netweaver_application_server_abapsap netweaver application server abapeq755
sap:netweaver_application_server_abapsap netweaver application server abapeq740
sap:netweaver_application_server_abapsap netweaver application server abapeq751

CPE	Name	Operator	Version
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	750
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	752
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	753
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	754
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	755
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	740
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	751

References

launchpad.support.sap.com/#/notes/3000306

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

46.6%

JSON

Related for CVE-2021-21446

prion1 nessus1