CVE-2021-27598

Summary

SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS for JAVA (Customer Usage Provisioning Servlet)< 7.31affected
SAP SESAP NetWeaver AS for JAVA (Customer Usage Provisioning Servlet)< 7.40affected
SAP SESAP NetWeaver AS for JAVA (Customer Usage Provisioning Servlet)< 7.50affected

Weaknesses

  • CWE-284: Improper Access Control (CWE-284)

ADP Enrichment

CVE Program Container

Additional References

References