
Rewterz Threat Advisory – Multiple SAP NetWeaver Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-33670

A missing authorization check affects SAP NetWeaver Guided Procedures (SAP GP), a component of the Composite Application Framework (CAF) that provides role-based access to multiple backend systems. The missing authorization was identified in the central administration tool for GP and could lead to unauthorized access to and manipulation of data.

CVE-2021-33671

This vulnerability affects SAP NetWeaver AS for Java (HTTP Service). It exists because HTTP requests are not properly validated when monitoring data is stored, so an attacker able to manipulate HTTP requests could exhaust system resources, causing a denial-of-service condition.

Impact

  • Unauthorized access
  • Denial of Service

Affected Vendors

SAP

Affected Products

  • SAP NetWeaver version 7.10
  • SAP NetWeaver version 7.20
  • SAP NetWeaver version 7.30
  • SAP NetWeaver version 7.31
  • SAP NetWeaver version 7.40
  • SAP NetWeaver version 7.50
  • SAP NetWeaver AS for Java 7.10
  • SAP NetWeaver AS for Java 7.11
  • SAP NetWeaver AS for Java 7.20
  • SAP NetWeaver AS for Java 7.30
  • SAP NetWeaver AS for Java 7.31
  • SAP NetWeaver AS for Java 7.40
  • SAP NetWeaver AS for Java 7.50

Remediation

Refer to the SAP advisory for the complete list of affected products and their respective patches.

https://www.sap.com/mena/services/advisory-development/business-transformation.html