SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3027937 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/3027937 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://launchpad.support.sap.com/#/notes/3027937 - Permissions Required | |
References | () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 - Vendor Advisory |
Information
Published : 2021-04-13 19:15
Updated : 2024-11-21 05:58
NVD link : CVE-2021-27598
Mitre link : CVE-2021-27598
CVE.ORG link : CVE-2021-27598
JSON object : View
Products Affected
sap
- netweaver_application_server_java