Vulnerabilities > CVE-2021-21488 - Deserialization of Untrusted Data vulnerability in SAP Netweaver Knowledge Management
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |