CVE-2021-21485 is a vulnerability in SAP Netweaver Application Server Java
Published on April 13, 2021
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
Products Associated with CVE-2021-21485
Want to know whenever a new CVE is published for SAP Netweaver Application Server Java? stack.watch will email you.
Affected Versions
SAP SE SAP NetWeaver AS for JAVA (Telnet Commands):- Version ENGINEAPI 7.30, 7.31, 7.40, 7.50 is affected.
- Version ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 is affected.
- Version SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 is affected.
- Version J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 is affected.
Exploit Probability
EPSS
0.27%
Percentile
50.50%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.