CVE-2021-40495

3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.4%

top 40.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AS Abap AND Abap Platform SAP Netweaver Abap SAP Netweaver Application Server Abap

Timeline

PublishedOct 12

Latest updateMay 24

Description

There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5sap_se/sap_netweaver_as_abap_and_abap_platform< 740+6

▶NVDsap/netweaver_abap7 versions+6

▶NVDsap/netweaver_application7 versions+6

🔴Vulnerability Details

GHSA

GHSA-c7v9-3364-rhjg: There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753↗2022-05-24

▶

CVEList

CVE-2021-40495: There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753↗2021-10-12

▶