CVE-2021-33670 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-33670 PUBLISHED CVSS 7.5 HIGH

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

EPSS 5.56% · 90.2th percentile

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

5.56%

90.2th percentile

Affected Products

Vendor	Product	Versions
sap	netweaver_application_server_java	7.50, 7.10, 7.11
SAP SE	SAP NetWeaver AS for Java (Http Service)	< 7.10, < 7.11, < 7.20

Timeline

Jul 14, 2021 CVE Published
Jul 15, 2021 EPSS Score
Sep 12, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 8, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 6, 2022 EPSS Score
Jul 4, 2022 EPSS Score
Oct 31, 2022 EPSS Score
Dec 29, 2022 EPSS Score
Feb 26, 2023 EPSS Score

References

Open in Interactive Console →