CVE-2021-27621

Published: Jun 9, 2021Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.

Affected (6)

Products: Sap: Netweaver Application Server For Java

Sap

1 product

Netweaver Application Server For Java

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Application Server For Java	Version 7.11
Sap Netweaver Application Server For Java	Version 7.20
Sap Netweaver Application Server For Java	Version 7.30
Sap Netweaver Application Server For Java	Version 7.31
Sap Netweaver Application Server For Java	Version 7.40
Sap Netweaver Application Server For Java	Version 7.50

References (4)

https://launchpad.support.sap.com/#/notes/3023299

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3023299

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.