CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-27598

SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.5%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 5.0

References

https://launchpad.support.sap.com/#/notes/3027937
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
https://launchpad.support.sap.com/#/notes/3027937
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

Products affected by CVE-2021-27598

Sap » Netweaver Application Server Java » Version: 7.31

cpe:2.3:a:sap:netweaver_application_server_java:7.31
Sap » Netweaver Application Server Java » Version: 7.40

cpe:2.3:a:sap:netweaver_application_server_java:7.40
Sap » Netweaver Application Server Java » Version: 7.50

cpe:2.3:a:sap:netweaver_application_server_java:7.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27598

Products

Pricing

Contact Us