CVE-2021-33689 is a vulnerability in SAP Netweaver Application Server Java
Published on July 14, 2021
When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted.
Weakness Type
Insufficient Logging
When a security-critical event occurs, the software either does not record the event or omits important details about the event when logging it. When security-critical events are not logged properly, such as a failed login attempt, this can make malicious behavior more difficult to detect and may hinder forensic analysis after an attack succeeds.
Products Associated with CVE-2021-33689
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-33689 are published in SAP Netweaver Application Server Java:
Affected Versions
SAP SE SAP NetWeaver AS JAVA (Administrator applications) Version < 7.50 is affected by CVE-2021-33689Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.