CVE-2021-33690
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability.Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet.
Se ha detectado una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en SAP NetWeaver Development Infrastructure Component Build Service versiones - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP NetWeaver Development Infrastructure Component Build Service permite a un actor de la amenaza que tenga acceso al servidor llevar a cabo ataques proxy en el servidor mediante el envío de consultas diseñadas. Debido a esto, el actor de la amenaza podría comprometer completamente los datos confidenciales que residen en el servidor e impactar en su disponibilidad. Nota: El impacto de esta vulnerabilidad depende de si SAP NetWeaver Development Infrastructure (NWDI) se ejecuta en la intranet o en Internet. La puntuación CVSS refleja el impacto considerando el peor de los casos en que se ejecuta en Internet
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-28 CVE Reserved
- 2021-09-15 CVE Published
- 2023-06-01 First Exploit
- 2024-08-03 CVE Updated
- 2024-09-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/redrays-io/CVE-2021-33690 | 2023-06-01 |
| URL | Date | SRC |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 | 2021-09-28 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Netweaver Development Infrastructure Search vendor "Sap" for product "Netweaver Development Infrastructure" | 7.11 Search vendor "Sap" for product "Netweaver Development Infrastructure" and version "7.11" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Development Infrastructure Search vendor "Sap" for product "Netweaver Development Infrastructure" | 7.20 Search vendor "Sap" for product "Netweaver Development Infrastructure" and version "7.20" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Development Infrastructure Search vendor "Sap" for product "Netweaver Development Infrastructure" | 7.30 Search vendor "Sap" for product "Netweaver Development Infrastructure" and version "7.30" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Development Infrastructure Search vendor "Sap" for product "Netweaver Development Infrastructure" | 7.31 Search vendor "Sap" for product "Netweaver Development Infrastructure" and version "7.31" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Development Infrastructure Search vendor "Sap" for product "Netweaver Development Infrastructure" | 7.40 Search vendor "Sap" for product "Netweaver Development Infrastructure" and version "7.40" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Development Infrastructure Search vendor "Sap" for product "Netweaver Development Infrastructure" | 7.50 Search vendor "Sap" for product "Netweaver Development Infrastructure" and version "7.50" | - |
Affected
| ||||||