Description

SAP NetWeaver Development Infrastructure is vulnerable to an SSRF vulnerability. An attacker could exploit this vulnerability to compromise the server.

Remediation

Upgrade to the latest version of SAP DI

References

CVE-2021-33690 Detail

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Related Vulnerabilities

Ext JS arbitrary file read

WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Server-Side Request Forgery (4.2.5)

Email Header Injection

ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189)

WordPress Plugin W3 Total Cache Multiple Vulnerabilities (0.9.4.1)

Severity

High

Classification

CVE-2021-33690 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

Acumonitor SSRF