CVE-2021-27598

CWE-284Improper Access ControlCWE-862Missing Authorization3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.3%
top 48.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver AS FOR Java (customer Usage Provisioning Servlet)SAP Netweaver Application Server Java
Timeline
PublishedApr 13
Latest updateMay 24

Description

SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDsap/netweaver_application7.31, 7.40, 7.50+2

🔴Vulnerability Details

2
GHSA
GHSA-rpg5-mh4w-rj47: SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 72022-05-24
CVEList
CVE-2021-27598: SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 72021-04-13
CVE-2021-27598 (MEDIUM CVSS 5.3) | SAP NetWeaver AS JAVA (Customer Usa | cvebase.io