{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T14:01:15.342","vulnerabilities":[{"cve":{"id":"CVE-2021-33670","sourceIdentifier":"cna@sap.com","published":"2021-07-14T12:15:08.243","lastModified":"2024-11-21T06:09:19.560","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability."},{"lang":"es","value":"SAP NetWeaver AS for Java (Http Service Monitoring Filter), versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, permite a un atacante enviar múltiples peticiones HTTP con diferentes tipos de métodos, bloqueando así el filtro y haciendo que el servidor HTTP no esté disponible para otros usuarios legítimos, conllevando a una vulnerabilidad denegación de servicio"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV30":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.10:*:*:*:*:*:*:*","matchCriteriaId":"D60371A7-F8F4-46F8-9659-DD4EE84B81EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:*","matchCriteriaId":"C6B085AF-8CEE-4A87-B381-F36C989FB2A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:*","matchCriteriaId":"43A28C48-4325-4694-88B1-FEE46EBFB0A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*","matchCriteriaId":"24A1E0B9-8C28-41BC-B050-237B5F929C9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*","matchCriteriaId":"EEAE6C2A-821F-4123-BD56-0FDADF9D63C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*","matchCriteriaId":"F5308FCE-8B2C-4B4D-BEE7-3CF544570B68"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*","matchCriteriaId":"9C506445-3787-4BFF-A98B-7502A0F7CF80"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html","source":"cna@sap.com","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2022/May/4","source":"cna@sap.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/3056652","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/166965/SAP-NetWeaver-Java-Denial-Of-Service.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2022/May/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/3056652","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}