CVE-2021-33671

🗓️ 14 Jul 2021 11:03:32Reported by sapType

SAP NetWeaver Guided Procedures does not perform necessary authorization checks for authenticated user, leading to privilege escalation

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2021-33671	14 Jul 202114:12	–	circl
CNNVD	SAP NetWeaver 安全漏洞	13 Jul 202100:00	–	cnnvd
CVE	CVE-2021-33671	14 Jul 202111:03	–	cve
EUVD	EUVD-2021-20348	7 Oct 202500:30	–	euvd
NCSC	Vulnerabilities fixed in SAP products	13 Jul 202100:00	–	ncsc
NVD	CVE-2021-33671	14 Jul 202112:15	–	nvd
Prion	Authorization	14 Jul 202112:15	–	prion
RedhatCVE	CVE-2021-33671	9 Jan 202608:52	–	redhatcve
Tenable Nessus	SAP NetWeaver AS Missing Authorization Check (3059446)	27 Jul 202100:00	–	nessus

[
  {
    "product": "SAP NetWeaver Guided Procedures (Administration Workset)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.10"
      },
      {
        "status": "affected",
        "version": "< 7.20"
      },
      {
        "status": "affected",
        "version": "< 7.30"
      },
      {
        "status": "affected",
        "version": "< 7.31"
      },
      {
        "status": "affected",
        "version": "< 7.40"
      },
      {
        "status": "affected",
        "version": "< 7.50"
      }
    ]
  }
]

Source	Link
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action
launchpad	www.launchpad.support.sap.com/

14 Jul 2021 11:03Current

9High risk

Vulners AI Score9

CVSS 37.6

EPSS0.00732