Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2983436 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
17 Mar 2021, 18:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sap:netweaver_knowledge_management:7.31:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_knowledge_management:7.01:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_knowledge_management:7.40:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_knowledge_management:7.02:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_knowledge_management:7.50:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_knowledge_management:7.30:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
CWE | CWE-502 | |
References | (MISC) https://launchpad.support.sap.com/#/notes/2983436 - Permissions Required, Vendor Advisory | |
References | (MISC) https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 - Vendor Advisory |
09 Mar 2021, 15:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-09 15:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-21488
Mitre link : CVE-2021-21488
CVE.ORG link : CVE-2021-21488
JSON object : View
Products Affected
sap
- netweaver_knowledge_management
CWE
CWE-502
Deserialization of Untrusted Data