Vulnerabilities > CVE-2021-33670 - Unspecified vulnerability in SAP Netweaver Application Server Java

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

sap

NVD

Published: 2021-07-14

Updated: 2022-05-12

Summary

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver Application Server Java 7.20 SAP Netweaver Application Server Java 7.30 SAP Netweaver Application Server Java 7.31 SAP Netweaver Application Server Java 7.40 SAP Netweaver Application Server Java 7.50 SAP Netweaver Application Server Java 7.10 SAP Netweaver Application Server Java 7.11	7

Summary

Vulnerable Configurations

References