CVE-2021-33670

EPSS 5.56%
Published 14.07.2021 12:15:08
Last modified 21.11.2024 06:09:19
Source cna@sap.com
Teams watchlist Login
Open Login

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

Affected products Warnungen 0 Metrics 4 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Netweaver Application Server Java Version7.10

SAP ≫ Netweaver Application Server Java Version7.11

SAP ≫ Netweaver Application Server Java Version7.20

SAP ≫ Netweaver Application Server Java Version7.30

SAP ≫ Netweaver Application Server Java Version7.31

SAP ≫ Netweaver Application Server Java Version7.40

SAP ≫ Netweaver Application Server Java Version7.50

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.56%	0.9

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
cna@sap.com	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506

Vendor Advisory

http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html

Patch

Third Party Advisory

VDB Entry

http://seclists.org/fulldisclosure/2022/May/4

Patch

Third Party Advisory

Mailing List

https://launchpad.support.sap.com/#/notes/3056652

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-33670

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-33670

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-33670

EUVD