Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
SAP NW DI SSRF vulnerability (CVE-2021-33690) - Vulnerability Database

SAP NW DI SSRF vulnerability (CVE-2021-33690)

Description

SAP NetWeaver Development Infrastructure is vulnerable to an SSRF vulnerability. An attacker could exploit this vulnerability to compromise the server.

Remediation

Upgrade to the latest version of SAP DI

References

CVE-2021-33690 Detail
[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Related Vulnerabilities

HTTP/2 pseudo-header server side request forgery High
Common tags: Acumonitor SSRF
Oracle Weblogic T3 XXE (CVE-2019-2888) High
Common tags: Acumonitor SSRF
Paperclip gem SSRF (Server side request forgery) High
Common tags: Acumonitor SSRF
Reverse proxy misrouting High
Common tags: Acumonitor SSRF
Unvalidated JWT jku parameter High
Common tags: Acumonitor SSRF

Severity

High

Classification

CVE-2021-33690
CWE-918
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

Acumonitor
SSRF