CVE-2021-21485

Published: Apr 13, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.

Affected (6)

Products: Sap: Netweaver Application Server Java

Sap

1 product

Netweaver Application Server Java

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Application Server Java	Version 7.10
Sap Netweaver Application Server Java	Version 7.20
Sap Netweaver Application Server Java	Version 7.30
Sap Netweaver Application Server Java	Version 7.31
Sap Netweaver Application Server Java	Version 7.40
Sap Netweaver Application Server Java	Version 7.50

References (4)

https://launchpad.support.sap.com/#/notes/3001824

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3001824

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.