CVE-2021-40495

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/10/2021
Last modified:
06/10/2022

Description

There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*