CVE-2021-33670
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/07/2021
Last modified:
12/05/2022
Description
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:netweaver_application_server_java:7.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page