Rewterz Threat Advisory – CVE-2021-21484 – SAP HANA security bypass
March 10, 2021
Rewterz Threat Advisory – CVE-2021-27077 – Microsoft Windows privilege escalation
March 10, 2021
Severity
High
Analysis Summary
CVE-2021-21488
SAP NetWeaver Knowledge Management is vulnerable to a denial of service, caused by an insecure deserialization flaw. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
Impact
Denial of service
Affected Vendors
SAP
Affected Products
- SAP NetWeaver Knowledge Management 7.01
- SAP NetWeaver Knowledge Management 7.02
- SAP NetWeaver Knowledge Management 7.30
- SAP NetWeaver Knowledge Management 7.31
- SAP NetWeaver Knowledge Management 7.40
- SAP NetWeaver Knowledge Management 7.50
Remediation
Refer to SAP Note 2983436 for patch information.