Lucene search
SapCVELIST:CVE-2021-37535HistorySep 14, 2021 - 11:21 a.m.
CVE-2021-37535
2021-09-1411:21:27
sap
www.cve.org
4
sap
netweaver
java
jms
connector
service
authorization checks
user privileges
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.002
Percentile
65.0%
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
CNA Affected
[
{
"product": "SAP NetWeaver Application Server Java (JMS Connector Service)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 7.11"
},
{
"status": "affected",
"version": "< 7.20"
},
{
"status": "affected",
"version": "< 7.30"
},
{
"status": "affected",
"version": "< 7.31"
},
{
"status": "affected",
"version": "< 7.40"
},
{
"status": "affected",
"version": "< 7.50"
}
]
}
]Related
cve
cve
CVE-2021-37535
2021-09-14 12:15:10
nvd
nvd
CVE-2021-37535
2021-09-14 12:15:10
nessus
nessus
SAP NetWeaver AS Missing Authorization Check (September 2021)
2021-09-16 00:00:00
prion
prion
Authorization
2021-09-14 12:15:00
CVSS3
10
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.002
Percentile
65.0%
Related for CVELIST:CVE-2021-37535