CVE-2021-33670

EPSS 5.56%
Veröffentlicht 14.07.2021 12:15:08
Zuletzt bearbeitet 21.11.2024 06:09:19
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Netweaver Application Server Java Version7.10

SAP ≫ Netweaver Application Server Java Version7.11

SAP ≫ Netweaver Application Server Java Version7.20

SAP ≫ Netweaver Application Server Java Version7.30

SAP ≫ Netweaver Application Server Java Version7.31

SAP ≫ Netweaver Application Server Java Version7.40

SAP ≫ Netweaver Application Server Java Version7.50

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.56%	0.9

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
cna@sap.com	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506

Vendor Advisory

http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html

Patch

Third Party Advisory

VDB Entry

http://seclists.org/fulldisclosure/2022/May/4

Patch

Third Party Advisory

Mailing List

https://launchpad.support.sap.com/#/notes/3056652

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-33670

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-33670

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-33670

EUVD