Rewterz Threat Advisory – Multiple Microsoft Windows Vulnerabilities
July 14, 2021
Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
July 14, 2021
Severity
High
Analysis Summary
CVE-2021-33670
This vulnerability affects SAP NetWeaver Guided Procedures (SAP GP), a component of the Composite Application Framework (CAF) that provides role-based access to multiple backend systems. The missing authorization was identified in the central administration tool for GP and could lead to unauthorized access to and manipulation of data.
CVE-2021-33671
This vulnerability affects SAP NetWeaver AS for Java (HTTP Service) and exists because HTTP requests are not properly validated when monitoring data is stored. An attacker able to manipulate HTTP requests could therefore exhaust system resources, causing a denial-of-service condition.
Impact
- Unauthorized access
- Denial of Service
Affected Vendors
SAP
Affected Products
- SAP NetWeaver version 7.10
- SAP NetWeaver version 7.20
- SAP NetWeaver version 7.30
- SAP NetWeaver version 7.31
- SAP NetWeaver version 7.40
- SAP NetWeaver version 7.50
- SAP NetWeaver AS for Java 7.10
- SAP NetWeaver AS for Java 7.11
- SAP NetWeaver AS for Java 7.20
- SAP NetWeaver AS for Java 7.30
- SAP NetWeaver AS for Java 7.31
- SAP NetWeaver AS for Java 7.40
- SAP NetWeaver AS for Java 7.50
Remediation
Refer to the SAP advisory for the complete list of affected products and their respective patches.
https://www.sap.com/mena/services/advisory-development/business-transformation.html