Vulnerabilites related to SAP SE - SAP NetWeaver AS for JAVA (Telnet Commands)
CVE-2021-21485 (GCVE-0-2021-21485)
Vulnerability from cvelistv5
Published
2021-04-13 18:44
Modified
2024-08-03 18:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP NetWeaver AS for JAVA (Telnet Commands) |
Version: ENGINEAPI 7.30, 7.31, 7.40, 7.50 Version: ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 Version: SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 Version: J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3001824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS for JAVA (Telnet Commands)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "ENGINEAPI 7.30, 7.31, 7.40, 7.50"
},
{
"status": "affected",
"version": "ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"status": "affected",
"version": "SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"status": "affected",
"version": "J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T18:44:47",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3001824"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-21485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS for JAVA (Telnet Commands)",
"version": {
"version_data": [
{
"version_name": "ENGINEAPI",
"version_value": "7.30, 7.31, 7.40, 7.50"
},
{
"version_name": "ESP_FRAMEWORK",
"version_value": "7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"version_name": "SERVERCORE",
"version_value": "7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"version_name": "J2EE-FRMW",
"version_value": "7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3001824",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3001824"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-21485",
"datePublished": "2021-04-13T18:44:47",
"dateReserved": "2020-12-30T00:00:00",
"dateUpdated": "2024-08-03T18:16:22.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}