Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP NetWeaver AS for JAVA (Telnet Commands) by SAP SE

    CVE-2021-21485 (GCVE-0-2021-21485)

    Vulnerability from nvd – Published: 2021-04-13 18:44 – Updated: 2024-08-03 18:16
    VLAI
    Summary
    An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
    CWE
    • Information Disclosure
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS for JAVA (Telnet Commands) Affected: ENGINEAPI 7.30, 7.31, 7.40, 7.50
    Affected: ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50
    Affected: SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
    Affected: J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:22.530Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3001824"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS for JAVA (Telnet Commands)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "ENGINEAPI 7.30, 7.31, 7.40, 7.50"
                },
                {
                  "status": "affected",
                  "version": "ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
                },
                {
                  "status": "affected",
                  "version": "SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
                },
                {
                  "status": "affected",
                  "version": "J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-13T18:44:47.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3001824"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2021-21485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS for JAVA (Telnet Commands)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "ENGINEAPI",
                                "version_value": "7.30, 7.31, 7.40, 7.50"
                              },
                              {
                                "version_name": "ESP_FRAMEWORK",
                                "version_value": "7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
                              },
                              {
                                "version_name": "SERVERCORE",
                                "version_value": "7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
                              },
                              {
                                "version_name": "J2EE-FRMW",
                                "version_value": "7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.4",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3001824",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3001824"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-21485",
        "datePublished": "2021-04-13T18:44:47.000Z",
        "dateReserved": "2020-12-30T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:16:22.530Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21485 (GCVE-0-2021-21485)

    Vulnerability from cvelistv5 – Published: 2021-04-13 18:44 – Updated: 2024-08-03 18:16
    VLAI
    Summary
    An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
    CWE
    • Information Disclosure
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver AS for JAVA (Telnet Commands) Affected: ENGINEAPI 7.30, 7.31, 7.40, 7.50
    Affected: ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50
    Affected: SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
    Affected: J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:22.530Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3001824"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver AS for JAVA (Telnet Commands)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "ENGINEAPI 7.30, 7.31, 7.40, 7.50"
                },
                {
                  "status": "affected",
                  "version": "ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
                },
                {
                  "status": "affected",
                  "version": "SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
                },
                {
                  "status": "affected",
                  "version": "J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-13T18:44:47.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3001824"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2021-21485",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver AS for JAVA (Telnet Commands)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "ENGINEAPI",
                                "version_value": "7.30, 7.31, 7.40, 7.50"
                              },
                              {
                                "version_name": "ESP_FRAMEWORK",
                                "version_value": "7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
                              },
                              {
                                "version_name": "SERVERCORE",
                                "version_value": "7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
                              },
                              {
                                "version_name": "J2EE-FRMW",
                                "version_value": "7.10, 7.20, 7.30, 7.31, 7.40, 7.50"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.4",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3001824",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3001824"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-21485",
        "datePublished": "2021-04-13T18:44:47.000Z",
        "dateReserved": "2020-12-30T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:16:22.530Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }