How severe is CVE-2021-33690?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2021-33690?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2021-33690 - CRITICAL Severity | CVSS 9.9

Vulnerability Description

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability.Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet.

Related Vulnerabilities

CVE-2017-13667

CRITICAL

CVSS:9.9(Critical)

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

CWE-9182017

CVE-2018-1789

CRITICAL

CVSS:9.9(Critical)

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

CWE-9182018

CVE-2021-32639

CRITICAL

CVSS:9.9(Critical)

Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDire...

CWE-9182021

CVE-2024-0455

CRITICAL

CVSS:9.9(Critical)

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL ``` http://169.254.169.254/lates...

CWE-9182024

CVE-2024-6784

HIGH

CVSS:9.9(Critical)

Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.0...

CWE-9182024

CVE-2025-29972

CRITICAL

CVSS:9.9(Critical)

Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.

CWE-9182025