← Back

CVE-2021-33705

nvd nist
Published: Sep 15, 2021Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability.

Affected (7)

Sap
1 product
Netweaver Portal
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Portal
Version 7.10
Netweaver Portal
Version 7.11
Netweaver Portal
Version 7.20
Netweaver Portal
Version 7.30
Netweaver Portal
Version 7.31
Netweaver Portal
Version 7.40
Netweaver Portal
Version 7.50

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (8)

Source: cna@sap.com
Third Party AdvisoryVDB Entry
Source: cna@sap.com
Mailing ListThird Party Advisory
Source: cna@sap.com
Permissions Required
Source: cna@sap.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.