Lucene search

SapCVELIST:CVE-2021-21488

HistoryMar 09, 2021 - 2:07 p.m.

CVE-2021-21488

2021-03-0914:07:10

sap

www.cve.org

knowledge management

remote attacker

user-controlled data

insecure deserialization

availability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability.

CNA Affected

[
  {
    "product": "SAP NetWeaver Knowledge Management",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.01"
      },
      {
        "status": "affected",
        "version": "< 7.02"
      },
      {
        "status": "affected",
        "version": "< 7.30"
      },
      {
        "status": "affected",
        "version": "< 7.31"
      },
      {
        "status": "affected",
        "version": "< 7.40"
      },
      {
        "status": "affected",
        "version": "< 7.50"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2983436

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Related for CVELIST:CVE-2021-21488