Lucene search

K
nvd[email protected]NVD:CVE-2021-33687
HistoryJul 14, 2021 - 12:15 p.m.

CVE-2021-33687

2021-07-1412:15:09
CWE-200
web.nvd.nist.gov

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

61.0%

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.

Affected configurations

NVD
Node
sapnetweaver_application_server_javaMatch7.10
OR
sapnetweaver_application_server_javaMatch7.20
OR
sapnetweaver_application_server_javaMatch7.30
OR
sapnetweaver_application_server_javaMatch7.31
OR
sapnetweaver_application_server_javaMatch7.40
OR
sapnetweaver_application_server_javaMatch7.50

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

61.0%

Related for NVD:CVE-2021-33687