2 vulnerabilities found for SAP NetWeaver AS for JAVA (Telnet Commands) by SAP SE
CVE-2021-21485 (GCVE-0-2021-21485)
Vulnerability from cvelistv5 – Published: 2021-04-13 18:44 – Updated: 2024-08-03 18:16
Summary
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
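Severity
7.4 (High) — CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N (network attack vector, low complexity, no privileges required, user interaction required, scope changed; high confidentiality impact, no integrity or availability impact)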
CWE
- Information Disclosure (free-text problem type; the record does not assign a CWE ID)
Assigner
sap
References
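| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3001824 | x_refsource_MISC |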
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP SE | SAP NetWeaver AS for JAVA (Telnet Commands) | Affected: ENGINEAPI 7.30, 7.31, 7.40, 7.50<br>Affected: ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50<br>Affected: SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50<br>Affected: J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3001824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS for JAVA (Telnet Commands)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "ENGINEAPI 7.30, 7.31, 7.40, 7.50"
},
{
"status": "affected",
"version": "ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"status": "affected",
"version": "SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"status": "affected",
"version": "J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T18:44:47",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3001824"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-21485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS for JAVA (Telnet Commands)",
"version": {
"version_data": [
{
"version_name": "ENGINEAPI",
"version_value": "7.30, 7.31, 7.40, 7.50"
},
{
"version_name": "ESP_FRAMEWORK",
"version_value": "7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"version_name": "SERVERCORE",
"version_value": "7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"version_name": "J2EE-FRMW",
"version_value": "7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3001824",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3001824"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-21485",
"datePublished": "2021-04-13T18:44:47",
"dateReserved": "2020-12-30T00:00:00",
"dateUpdated": "2024-08-03T18:16:22.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21485 (GCVE-0-2021-21485)
Vulnerability from nvd – Published: 2021-04-13 18:44 – Updated: 2024-08-03 18:16
Summary
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
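Severity
7.4 (High) — CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N (network attack vector, low complexity, no privileges required, user interaction required, scope changed; high confidentiality impact, no integrity or availability impact)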
CWE
- Information Disclosure (free-text problem type; the record does not assign a CWE ID)
Assigner
sap
References
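| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3001824 | x_refsource_MISC |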
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP SE | SAP NetWeaver AS for JAVA (Telnet Commands) | Affected: ENGINEAPI 7.30, 7.31, 7.40, 7.50<br>Affected: ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50<br>Affected: SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50<br>Affected: J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:22.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3001824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS for JAVA (Telnet Commands)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "ENGINEAPI 7.30, 7.31, 7.40, 7.50"
},
{
"status": "affected",
"version": "ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"status": "affected",
"version": "SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"status": "affected",
"version": "J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T18:44:47",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3001824"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-21485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS for JAVA (Telnet Commands)",
"version": {
"version_data": [
{
"version_name": "ENGINEAPI",
"version_value": "7.30, 7.31, 7.40, 7.50"
},
{
"version_name": "ESP_FRAMEWORK",
"version_value": "7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"version_name": "SERVERCORE",
"version_value": "7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
},
{
"version_name": "J2EE-FRMW",
"version_value": "7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3001824",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3001824"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-21485",
"datePublished": "2021-04-13T18:44:47",
"dateReserved": "2020-12-30T00:00:00",
"dateUpdated": "2024-08-03T18:16:22.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}