Lucene search

[email protected]NVD:CVE-2021-33670

HistoryJul 14, 2021 - 12:15 p.m.

CVE-2021-33670

2021-07-1412:15:08

[email protected]

web.nvd.nist.gov

sap netweaver

java

denial of service

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.8%

JSON

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

Affected configurations

Nvd

Node

sapnetweaver_application_server_javaMatch7.10

sapnetweaver_application_server_javaMatch7.11

sapnetweaver_application_server_javaMatch7.20

sapnetweaver_application_server_javaMatch7.30

sapnetweaver_application_server_javaMatch7.31

sapnetweaver_application_server_javaMatch7.40

sapnetweaver_application_server_javaMatch7.50

VendorProductVersionCPE
sapnetweaver_application_server_java7.10cpe:2.3:a:sap:netweaver_application_server_java:7.10:*:*:*:*:*:*:*
sapnetweaver_application_server_java7.11cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:*
sapnetweaver_application_server_java7.20cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:*
sapnetweaver_application_server_java7.30cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*
sapnetweaver_application_server_java7.31cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*
sapnetweaver_application_server_java7.40cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*
sapnetweaver_application_server_java7.50cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_application_server_java	7.10	cpe:2.3:a:sap:netweaver_application_server_java:7.10:::::::*
sap	netweaver_application_server_java	7.11	cpe:2.3:a:sap:netweaver_application_server_java:7.11:::::::*
sap	netweaver_application_server_java	7.20	cpe:2.3:a:sap:netweaver_application_server_java:7.20:::::::*
sap	netweaver_application_server_java	7.30	cpe:2.3:a:sap:netweaver_application_server_java:7.30:::::::*
sap	netweaver_application_server_java	7.31	cpe:2.3:a:sap:netweaver_application_server_java:7.31:::::::*
sap	netweaver_application_server_java	7.40	cpe:2.3:a:sap:netweaver_application_server_java:7.40:::::::*
sap	netweaver_application_server_java	7.50	cpe:2.3:a:sap:netweaver_application_server_java:7.50:::::::*

References

packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html

seclists.org/fulldisclosure/2022/May/4

launchpad.support.sap.com/#/notes/3056652

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.8%

JSON

Related for NVD:CVE-2021-33670

prion1 redhatcve1 nessus1 cnvd1 cve1 cvelist1