CVE-2021-33705

🗓️ 15 Sep 2021 18:01:52Reported by sapType

The SAP NetWeaver Portal Iviews Editor has a Server-Side Request Forgery (SSRF) vulnerability allowing unauthenticated attackers to craft URLs for unauthorized server requests

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2021-33705	15 Sep 202122:22	–	circl
CNNVD	SAP Enterprise Portal 代码问题漏洞	10 Aug 202100:00	–	cnnvd
CVE	CVE-2021-33705	15 Sep 202118:01	–	cve
EUVD	EUVD-2021-20382	7 Oct 202500:30	–	euvd
NCSC	Several vulnerabilities fixed in SAP products	10 Aug 202100:00	–	ncsc
NVD	CVE-2021-33705	15 Sep 202119:15	–	nvd
OSV	CVE-2021-33705	15 Sep 202119:15	–	osv
Prion	Server side request forgery (ssrf)	15 Sep 202119:15	–	prion
RedhatCVE	CVE-2021-33705	22 May 202521:08	–	redhatcve
ThreatPost	SAP Patches Nine Critical & High-Severity Bugs	11 Aug 202115:27	–	threatpost

[
  {
    "product": "SAP NetWeaver Enterprise Portal",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.10"
      },
      {
        "status": "affected",
        "version": "< 7.11"
      },
      {
        "status": "affected",
        "version": "< 7.20"
      },
      {
        "status": "affected",
        "version": "< 7.30"
      },
      {
        "status": "affected",
        "version": "< 7.31"
      },
      {
        "status": "affected",
        "version": "< 7.40"
      },
      {
        "status": "affected",
        "version": "< 7.50"
      }
    ]
  }
]

Source	Link
launchpad	www.launchpad.support.sap.com/
seclists	www.seclists.org/fulldisclosure/2022/Jan/72
packetstormsecurity	www.packetstormsecurity.com/files/165743/SAP-Enterprise-Portal-iviewCatcherEditor-Server-Side-Request-Forgery.html
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action

27 Jan 2022 16:06Current

8.2High risk

Vulners AI Score8.2

CVSS 38.1

EPSS0.00691

CWE-918