CVE-2021-21485

🗓️ 13 Apr 2021 19:13:15Reported by sapType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 51 Views

An unauthorized attacker may exploit SAP NetWeaver Application Server for Java to gain NTLM hashes of a privileged user

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2021-21485	13 Apr 202118:44	–	cvelist
Prion	Code injection	13 Apr 202119:15	–	prion
CNVD	SAP NetWeaver Application Server for Java Information Disclosure Vulnerability	16 Apr 202100:00	–	cnvd
NVD	CVE-2021-21485	13 Apr 202119:15	–	nvd
Tenable Nessus	SAP NetWeaver AS Java and AS ABAP Multiple Vulnerabilities (Apr 2021)	15 Apr 202100:00	–	nessus

Nvd

Node

sap netweaver_application_server_javaMatch7.10

sap netweaver_application_server_javaMatch7.20

sap netweaver_application_server_javaMatch7.30

sap netweaver_application_server_javaMatch7.31

sap netweaver_application_server_javaMatch7.40

sap netweaver_application_server_javaMatch7.50

[
  {
    "product": "SAP NetWeaver AS for JAVA (Telnet Commands)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "ENGINEAPI 7.30, 7.31, 7.40, 7.50"
      },
      {
        "status": "affected",
        "version": "ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
      },
      {
        "status": "affected",
        "version": "SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
      },
      {
        "status": "affected",
        "version": "J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
      }
    ]
  }
]

Source	Link
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action
launchpad	www.launchpad.support.sap.com/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 Apr 2021 19:15Current

6.5Medium risk

Vulners AI Score6.5

CVSS24.3

CVSS36.5 - 7.4

EPSS0.00166