CVE-2021-37535 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-37535 PUBLISHED CVSS 10 CRITICAL

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.

EPSS 0.34% · 56.3th percentile

Risk Scores

CVSS v3.0

10

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.34%

56.3th percentile

Affected Products

Vendor	Product	Versions
SAP SE	SAP NetWeaver Application Server Java (JMS Connector Service)	< 7.11, < 7.20, < 7.30
sap	netweaver_application_server_java	7.11, 7.20, 7.30

Timeline

Sep 14, 2021 CVE Published
Sep 15, 2021 EPSS Score
Nov 11, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 7, 2022 EPSS Score
Mar 5, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jun 26, 2022 EPSS Score
Aug 23, 2022 EPSS Score
Oct 19, 2022 EPSS Score
Dec 15, 2022 EPSS Score

References

Open in Interactive Console →