Description

SAP NetWeaver Development Infrastructure is vulnerable to an SSRF vulnerability. An attacker could exploit this vulnerability to compromise the server.

Remediation

Upgrade to the latest version of SAP DI

References

CVE-2021-33690 Detail

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Related Vulnerabilities

Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)

WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-4029)

WordPress Plugin Canto Multiple Server-Side Request Forgery Vulnerabilities (1.7.0)

Apache Log4j socket receiver deserialization vulnerability

OpenCms Chemistry Solr XML External Entity (XXE) vulnerability (CVE-2023-42346)

Severity

High

Classification

CVE-2021-33690 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

Acumonitor SSRF