1. Home
  2. CVE Database
  3. CVE-2021-27635
MEDIUM · 6.5

CVE-2021-27635

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the applic...

Vulnerability Description

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise confidentiality by allowing them to read any file on the filesystem or fully compromise availability by causing the system to crash. The attack cannot be used to change any data so that there is no compromise as to integrity.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
SapNetweaver Application Server For Java7.20

Related Weaknesses (CWE)

CWE-611

References

FAQ

What is CVE-2021-27635?

CVE-2021-27635 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the applic...

How severe is CVE-2021-27635?

CVE-2021-27635 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-27635?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Application Server For Java.