CVE-2021-27635 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-27635 PUBLISHED CVSS 9 CRITICAL

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise confidentiality by allowing them to read any file on the filesystem or fully compromise availability by causing the system to crash. The attack cannot be used to change any data so that there is no compromise as to integrity.

EPSS 2.08% · 83.9th percentile

Risk Scores

CVSS v3.0

9

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

EPSS Score

2.08%

83.9th percentile

Affected Products

Vendor	Product	Versions
sap	netweaver_application_server_for_java	7.50, 7.20, 7.30
SAP SE	SAP NetWeaver AS for JAVA	< 7.20, < 7.30, < 7.31

Timeline

Jun 8, 2021 CVE Published
Jun 10, 2021 EPSS Score
Jun 19, 2021 EPSS Score
Aug 10, 2021 EPSS Score
Oct 9, 2021 EPSS Score
Dec 9, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 7, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 8, 2022 EPSS Score
Jun 7, 2022 EPSS Score
Oct 7, 2022 EPSS Score

References

Open in Interactive Console →