CVE-2021-38181

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 35.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AS Abap AND Abap Platform SAP Netweaver Abap SAP Netweaver Application Server Abap

Timeline

PublishedOct 12

Latest updateMay 24

Description

SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5sap_se/sap_netweaver_as_abap_and_abap_platform< 700+12

▶NVDsap/netweaver_abap13 versions+12

▶NVDsap/netweaver_application13 versions+12

🔴Vulnerability Details

GHSA

GHSA-wwvm-fw3q-qqf3: SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legi↗2022-05-24

▶

CVEList

CVE-2021-38181: SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legi↗2021-10-12

▶