CVE-2021-21446Uncontrolled Resource Consumption in SE SAP Netweaver AS Abap

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver AS AbapSAP Netweaver Application Server Abap
Timeline
PublishedJan 12
Latest updateMay 24

Description

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5sap_se/sap_netweaver_as_abap< 740+6
NVDsap/netweaver_application7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-jv2p-v76x-4c37: SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a ser2022-05-24
CVEList
CVE-2021-21446: SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a ser2021-01-12
CVE-2021-21446 — Uncontrolled Resource Consumption | cvebase