← Back

CVE-2021-21488

nvd nist
Published: Mar 9, 2021Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability.

Affected (6)

Sap
1 product
Netweaver Knowledge Management
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Knowledge Management
Version 7.01
Netweaver Knowledge Management
Version 7.02
Netweaver Knowledge Management
Version 7.30
Netweaver Knowledge Management
Version 7.31
Netweaver Knowledge Management
Version 7.40
Netweaver Knowledge Management
Version 7.50

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.