7.4
CVE-2021-21485
- EPSS 0.27%
- Published 13.04.2021 19:15:13
- Last modified 21.11.2024 05:48:28
- Source cna@sap.com
- Teams watchlist Login
- Open Login
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Java Version7.10
SAP ≫ Netweaver Application Server Java Version7.20
SAP ≫ Netweaver Application Server Java Version7.30
SAP ≫ Netweaver Application Server Java Version7.31
SAP ≫ Netweaver Application Server Java Version7.40
SAP ≫ Netweaver Application Server Java Version7.50
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.479 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| cna@sap.com | 7.4 | 2.8 | 4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
|