Vulnerabilites related to SAP SE - SAP NetWeaver AS for JAVA (Telnet Commands)
cve-2021-21485
Vulnerability from cvelistv5
Published
2021-04-13 18:44
Modified
2024-08-03 18:16
Severity ?
EPSS score ?
Summary
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
References
▼ | URL | Tags |
---|---|---|
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 | x_refsource_MISC | |
https://launchpad.support.sap.com/#/notes/3001824 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | SAP SE | SAP NetWeaver AS for JAVA (Telnet Commands) |
Version: ENGINEAPI 7.30, 7.31, 7.40, 7.50 Version: ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 Version: SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 Version: J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:16:22.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://launchpad.support.sap.com/#/notes/3001824", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAP NetWeaver AS for JAVA (Telnet Commands)", vendor: "SAP SE", versions: [ { status: "affected", version: "ENGINEAPI 7.30, 7.31, 7.40, 7.50", }, { status: "affected", version: "ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50", }, { status: "affected", version: "SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50", }, { status: "affected", version: "J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50", }, ], }, ], descriptions: [ { lang: "en", value: "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-13T18:44:47", orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", shortName: "sap", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649", }, { tags: [ "x_refsource_MISC", ], url: "https://launchpad.support.sap.com/#/notes/3001824", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cna@sap.com", ID: "CVE-2021-21485", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SAP NetWeaver AS for JAVA (Telnet Commands)", version: { version_data: [ { version_name: "ENGINEAPI", version_value: "7.30, 7.31, 7.40, 7.50", }, { version_name: "ESP_FRAMEWORK", version_value: "7.10, 7.20, 7.30, 7.31, 7.40, 7.50", }, { version_name: "SERVERCORE", version_value: "7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50", }, { version_name: "J2EE-FRMW", version_value: "7.10, 7.20, 7.30, 7.31, 7.40, 7.50", }, ], }, }, ], }, vendor_name: "SAP SE", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.", }, ], }, impact: { cvss: { baseScore: "7.4", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649", refsource: "MISC", url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649", }, { name: "https://launchpad.support.sap.com/#/notes/3001824", refsource: "MISC", url: "https://launchpad.support.sap.com/#/notes/3001824", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", assignerShortName: "sap", cveId: "CVE-2021-21485", datePublished: "2021-04-13T18:44:47", dateReserved: "2020-12-30T00:00:00", dateUpdated: "2024-08-03T18:16:22.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }