Vulnerability Details CVE-2021-21485
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.5%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 4.3
References
Products affected by CVE-2021-21485
-
cpe:2.3:a:sap:netweaver_application_server_java:7.10
-
cpe:2.3:a:sap:netweaver_application_server_java:7.20
-
cpe:2.3:a:sap:netweaver_application_server_java:7.30
-
cpe:2.3:a:sap:netweaver_application_server_java:7.31
-
cpe:2.3:a:sap:netweaver_application_server_java:7.40
-
cpe:2.3:a:sap:netweaver_application_server_java:7.50