EUVD-2021-14382

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

SAP NetWeaver AS for JAVA has an XML Validation flaw allowing attackers to read files and crash systems.

Reporter	Title	Published	Views	Family All 9
CNNVD	SAP Netweaver 代码问题漏洞	8 Jun 202100:00	–	cnnvd
CNVD	SAP NetWeaver AS for JAVA has a code issue vulnerability	15 Jun 202100:00	–	cnvd
CVE	CVE-2021-27635	9 Jun 202113:30	–	cve
Cvelist	CVE-2021-27635	9 Jun 202113:30	–	cvelist
NCSC	Vulnerabilities fixed in SAP Netweaver	8 Jun 202100:00	–	ncsc
NVD	CVE-2021-27635	9 Jun 202114:15	–	nvd
Prion	Input validation	9 Jun 202114:15	–	prion
RedhatCVE	CVE-2021-27635	9 Jan 202608:53	–	redhatcve
Tenable Nessus	SAP NetWeaver AS JAVA Missing XML Validation (3053066)	11 Jun 202100:00	–	nessus

[
  {
    "enisaIdVendor": [
      {
        "id": "1a37167f-5189-306c-adbf-ae69fe4c5bd1",
        "vendor": {
          "name": "SAP SE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "6fee6b54-cb26-3419-a565-29d6757ecd62",
        "product": {
          "name": "SAP NetWeaver AS for JAVA"
        },
        "product_version": "< 7.30"
      },
      {
        "id": "aa14943d-d975-37cb-83ef-2622bcf3729d",
        "product": {
          "name": "SAP NetWeaver AS for JAVA"
        },
        "product_version": "< 7.31"
      },
      {
        "id": "c8930fd5-3b70-3559-a3fb-7e9da4da18b6",
        "product": {
          "name": "SAP NetWeaver AS for JAVA"
        },
        "product_version": "< 7.20"
      },
      {
        "id": "dbb1eda4-f8a1-3599-a8b7-f496611f29ff",
        "product": {
          "name": "SAP NetWeaver AS for JAVA"
        },
        "product_version": "< 7.40"
      },
      {
        "id": "ff9556e1-5c4d-336c-b876-f4fa075fce42",
        "product": {
          "name": "SAP NetWeaver AS for JAVA"
        },
        "product_version": "< 7.50"
      }
    ]
  }
]

Source	Link
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action
launchpad	www.launchpad.support.sap.com/
seclists	www.seclists.org/fulldisclosure/2021/Oct/28
packetstormsecurity	www.packetstormsecurity.com/files/164592/SAP-JAVA-NetWeaver-System-Connections-XML-Injection.html
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.9High risk

Vulners AI Score7.9

CVSS 39

CVSS 25.5

CVSS 3.16.5

EPSS0.02079