CVE-2021-37535

🗓️ 14 Sep 2021 11:21:27Reported by sapType

SAP NetWeaver AS Java JMS Connector Service does not perform necessary user privilege authorization check

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of the JMS Connector Service server in SAP NetWeaver Java Application Server allows attackers to circumvent existing security restrictions or execute arbitrary code.	13 Oct 202100:00	–	bdu_fstec
Circl	CVE-2021-37535	14 Sep 202116:21	–	circl
CNNVD	SAP NetWeaver Application Server Java 授权问题漏洞	14 Sep 202100:00	–	cnnvd
CVE	CVE-2021-37535	14 Sep 202111:21	–	cve
EUVD	EUVD-2021-24096	7 Oct 202500:30	–	euvd
NCSC	Vulnerabilities fixed in SAP products	14 Sep 202100:00	–	ncsc
NVD	CVE-2021-37535	14 Sep 202112:15	–	nvd
OSV	CVE-2021-37535	14 Sep 202112:15	–	osv
Prion	Authorization	14 Sep 202112:15	–	prion
Positive Technologies	PT-2021-4347 · Sap · Sap Netweaver Application Server Java	14 Sep 202100:00	–	ptsecurity

[
  {
    "product": "SAP NetWeaver Application Server Java (JMS Connector Service)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.11"
      },
      {
        "status": "affected",
        "version": "< 7.20"
      },
      {
        "status": "affected",
        "version": "< 7.30"
      },
      {
        "status": "affected",
        "version": "< 7.31"
      },
      {
        "status": "affected",
        "version": "< 7.40"
      },
      {
        "status": "affected",
        "version": "< 7.50"
      }
    ]
  }
]

Source	Link
launchpad	www.launchpad.support.sap.com/
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action

14 Sep 2021 11:21Current

9.8High risk

Vulners AI Score9.8

CVSS 310

EPSS0.00422