CVE-2021-21488

MEDIUM

SAP Netweaver Knowledge Management - Insecure Deserialization

Title source: rule

Description

Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allow a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability.

Scores

CVSS v3 6.5
EPSS 0.0065
EPSS Percentile 70.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE CWE-502
Status published

Affected Products (6)

sap/netweaver_knowledge_management
sap/netweaver_knowledge_management
sap/netweaver_knowledge_management
sap/netweaver_knowledge_management
sap/netweaver_knowledge_management
sap/netweaver_knowledge_management

Timeline

Published Mar 09, 2021
Tracked Since Feb 18, 2026