CVE-2021-33670

moderate-risk
Published 2021-07-14

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability.

Do I need to act?

~
5.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (7)

Affected Vendors

Sap

References (8)

Patch http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service...
Mailing List http://seclists.org/fulldisclosure/2022/May/4
Permissions Required https://launchpad.support.sap.com/#/notes/3056652
Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
Patch http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service...
Mailing List http://seclists.org/fulldisclosure/2022/May/4
Permissions Required https://launchpad.support.sap.com/#/notes/3056652
Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
48
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 8/34 · Low
Exposure 14/34 · Moderate