VAR-202106-1530
Vulnerability from variot - Updated: 2022-07-14 22:24SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application. SAP NetWeaver AS ABAP Contains an improper authentication vulnerability.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1530",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "kernel_7.73"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl64uc_7.53"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "kernel_7.53"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl64uc_7.22"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "kernel_8.04"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl64nuc_7.49"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "kernel_7.81"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl32uc_7.22"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "kernel_7.82"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl32nuc_7.22ext"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl64uc_7.49"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl64uc_7.73"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl64uc_7.22ext"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl64nuc_7.22ext"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl64nuc_7.22"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "kernel_7.49"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl32uc_7.22ext"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "kernel_7.84"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "kernel_7.77"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "kernel_7.22"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "kernel_7.83"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl32nuc_7.22"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "krnl64uc_8.04"
},
{
"model": "netweaver as abap",
"scope": "eq",
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver as abap",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007823"
},
{
"db": "NVD",
"id": "CVE-2021-33663"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.77:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.81:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.82:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.84:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:kernel_8.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl32uc_7.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl32uc_7.22ext:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.49:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_8.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33663"
}
]
},
"cve": "CVE-2021-33663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-33663",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.8,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33663",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-33663",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-33663",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-441",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007823"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-441"
},
{
"db": "NVD",
"id": "CVE-2021-33663"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application. SAP NetWeaver AS ABAP Contains an improper authentication vulnerability.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33663"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007823"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33663",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007823",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-441",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007823"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-441"
},
{
"db": "NVD",
"id": "CVE-2021-33663"
}
]
},
"id": "VAR-202106-1530",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.094017096
},
"last_update_date": "2022-07-14T22:24:19.359000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP\u00a0Security\u00a0Patch\u00a0Day\u00a0-\u00a0June\u00a02021",
"trust": 0.8,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=578125999"
},
{
"title": "SAP Netweaver Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=154223"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007823"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-441"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007823"
},
{
"db": "NVD",
"id": "CVE-2021-33663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://launchpad.support.sap.com/#/notes/3030604"
},
{
"trust": 1.6,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=578125999"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33663"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-june-2021-35633"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007823"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-441"
},
{
"db": "NVD",
"id": "CVE-2021-33663"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007823"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-441"
},
{
"db": "NVD",
"id": "CVE-2021-33663"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007823"
},
{
"date": "2021-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-441"
},
{
"date": "2021-06-09T14:15:00",
"db": "NVD",
"id": "CVE-2021-33663"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-24T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-007823"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-441"
},
{
"date": "2021-06-15T16:28:00",
"db": "NVD",
"id": "CVE-2021-33663"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-441"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP\u00a0NetWeaver\u00a0AS\u00a0ABAP\u00a0 Authentication Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007823"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-441"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…