Vulnerability Name:

CVE-2021-38181 (CCN-211192)

Assigned:2021-10-12
Published:2021-10-12
Updated:2022-10-06
Summary:SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2021-38181

Source: XF
Type: UNKNOWN
sap-cve202138181-dos(211192)

Source: CCN
Type: SAP Web site
SAP Support Note 3080710

Source: MISC
Type: Permissions Required
https://launchpad.support.sap.com/#/notes/3080710

Source: CCN
Type: SAP Security Patch Day - October 2021
SAP Security Patch Day - October 2021

Source: MISC
Type: Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:700:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:701:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:702:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:730:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:731:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:740:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:750:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:751:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:752:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:753:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:754:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:755:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_abap:756:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*
  • OR cpe:/a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sap netweaver application server abap 702
    sap netweaver application server abap 750
    sap netweaver application server abap 752
    sap netweaver application server abap 753
    sap netweaver application server abap 754
    sap netweaver application server abap 755
    sap netweaver abap 700
    sap netweaver abap 701
    sap netweaver abap 702
    sap netweaver abap 730
    sap netweaver abap 731
    sap netweaver abap 740
    sap netweaver abap 750
    sap netweaver abap 751
    sap netweaver abap 752
    sap netweaver abap 753
    sap netweaver abap 754
    sap netweaver abap 755
    sap netweaver abap 756
    sap netweaver application server abap 700
    sap netweaver application server abap 701
    sap netweaver application server abap 730
    sap netweaver application server abap 731
    sap netweaver application server abap 740
    sap netweaver application server abap 751
    sap netweaver application server abap 756