PT-2021-4347 · SAP · SAP NetWeaver Application Server Java

Published: 2021-09-14 · Updated: 2023-05-24 · CVE-2021-37535

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Application Server Java (JMS Connector Service) versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

Description
The vulnerability lies in the JMS Connector Service of SAP NetWeaver Application Server Java, whose authorization mechanism is deficient: the service does not perform the necessary authorization checks on the privileges of the requesting user. A remote attacker could exploit this by sending a specially crafted request to bypass existing security restrictions or execute arbitrary code.

Recommendations
For versions 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, consider disabling the JMS Connector Service until a patch is available, to prevent potential exploitation. Restrict access to the JMS Connector Service to minimize the risk of unauthorized access. Apply the configuration changes recommended by SAP to enforce proper authorization checks on user privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authorization
Improper Authorization

Related Identifiers

BDU:2021-04975
CVE-2021-37535

Affected Products

SAP NetWeaver Application Server Java