{ "id": "CVE-2021-40495", "sourceIdentifier": "cna@sap.com", "published": "2021-10-12T15:15:09.127", "lastModified": "2022-10-06T15:20:09.903", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform." }, { "lang": "es", "value": "Se presentan m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio en SAP NetWeaver Application Server for ABAP y ABAP Platform - versiones 740, 750, 751, 752, 753, 754, 755. Un atacante no autorizado puede usar el servicio p\u00fablico SICF /sap/public/bc/abap para reducir el rendimiento de SAP NetWeaver Application Server ABAP y ABAP Platform" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*", "matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*", "matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*", "matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*", "matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*", "matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*", "matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*", "matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*", "matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*", "matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*", "matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*", "matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*", "matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*", "matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*", "matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC" } ] } ] } ], "references": [ { "url": "https://launchpad.support.sap.com/#/notes/3099011", "source": "cna@sap.com", "tags": [ "Permissions Required" ] }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983", "source": "cna@sap.com", "tags": [ "Vendor Advisory" ] } ] }