Lucene search

K
cve[email protected]CVE-2021-33687
HistoryJul 14, 2021 - 12:15 p.m.

CVE-2021-33687

2021-07-1412:15:09
CWE-200
web.nvd.nist.gov
27
4
sap
netweaver
as java
enterprise portal
cve-2021-33687
security vulnerability
sensitive information disclosure
http request
xss

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.002

Percentile

61.0%

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.

Affected configurations

NVD
Node
sapnetweaver_application_server_javaMatch7.10
OR
sapnetweaver_application_server_javaMatch7.20
OR
sapnetweaver_application_server_javaMatch7.30
OR
sapnetweaver_application_server_javaMatch7.31
OR
sapnetweaver_application_server_javaMatch7.40
OR
sapnetweaver_application_server_javaMatch7.50
VendorProductVersionCPE
sapnetweaver_application_server_java7.20cpe:/a:sap:netweaver_application_server_java:7.20:::
sapnetweaver_application_server_java7.50cpe:/a:sap:netweaver_application_server_java:7.50:::
sapnetweaver_application_server_java7.31cpe:/a:sap:netweaver_application_server_java:7.31:::
sapnetweaver_application_server_java7.10cpe:/a:sap:netweaver_application_server_java:7.10:::
sapnetweaver_application_server_java7.30cpe:/a:sap:netweaver_application_server_java:7.30:::
sapnetweaver_application_server_java7.40cpe:/a:sap:netweaver_application_server_java:7.40:::

CNA Affected

[
  {
    "product": "SAP NetWeaver AS JAVA (Enterprise Portal)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.10"
      },
      {
        "status": "affected",
        "version": "< 7.20"
      },
      {
        "status": "affected",
        "version": "< 7.30"
      },
      {
        "status": "affected",
        "version": "< 7.31"
      },
      {
        "status": "affected",
        "version": "< 7.40"
      },
      {
        "status": "affected",
        "version": "< 7.50"
      }
    ]
  }
]

Social References

More

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.002

Percentile

61.0%

Related for CVE-2021-33687