Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service, versions 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50. The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on the server by sending crafted queries. As a result, the threat actor could completely compromise sensitive data residing on the server and impact its availability.

Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or the internet. The CVSS score reflects the worst-case scenario, in which it runs on the internet.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver Development Infrastructure | 7.11 |
Related Weaknesses (CWE)
References
- https://launchpad.support.sap.com/#/notes/3072955 (Permissions Required)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 (Patch, Vendor Advisory)
FAQ
What is CVE-2021-33690?
CVE-2021-33690 is a vulnerability with a CVSS score of 9.9 (CRITICAL). Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeave...
How severe is CVE-2021-33690?
CVE-2021-33690 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-33690?
Check the references section above for vendor advisories and patch information. Affected products include: SAP NetWeaver Development Infrastructure.