CVE-2021-33670
PUBLISHED
CVSS 7.5 HIGH
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, allows an attacker to send multiple HTTP requests with different method types, thereby crashing the filter and making the HTTP server unavailable to other legitimate users, resulting in a denial of service.
EPSS 5.56% · 90.5th percentile
Risk Scores
- CVSS 3.0: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
- EPSS Score: 5.56% (90.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sap | netweaver_application_server_java | 7.50, 7.10, 7.11 |
| SAP SE | SAP NetWeaver AS for Java (Http Service) | < 7.10, < 7.20, < 7.30 |
Exploit Intelligence
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 (circl)
- https://launchpad.support.sap.com/#/notes/3056652 (circl)
- 20220504 Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver JAVA (circl)
- http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html (circl)
Timeline
- Jul 14, 2021 CVE Published
- Jul 15, 2021 EPSS Score
- Sep 13, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 10, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 9, 2022 EPSS Score
- Jul 8, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 4, 2023 EPSS Score
- Mar 4, 2023 EPSS Score
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 (advisory)
- https://launchpad.support.sap.com/#/notes/3056652 (url)
- 20220504 Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver JAVA (mailing-list)
- http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html (url)
- https://nvd.nist.gov/vuln/detail/CVE-2021-33670 (advisory)