CVE-2021-40495

Published Oct 12, 2021

Last updated 2 years ago

CVSS medium 5.3

Overview

Description: There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References