CVE-2021-21488

Summary

Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver Knowledge Management< 7.01affected
SAP SESAP NetWeaver Knowledge Management< 7.02affected
SAP SESAP NetWeaver Knowledge Management< 7.30affected
SAP SESAP NetWeaver Knowledge Management< 7.31affected
SAP SESAP NetWeaver Knowledge Management< 7.40affected
SAP SESAP NetWeaver Knowledge Management< 7.50affected

Weaknesses

  • Insecure Deserialization

ADP Enrichment

CVE Program Container

Additional References

References