7.5

CVE-2021-27597

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPNetweaver Abap Versionkernel_7.22
SAPNetweaver Abap Versionkernel_7.49
SAPNetweaver Abap Versionkernel_7.53
SAPNetweaver Abap Versionkernel_7.73
SAPNetweaver Abap Versionkernel_8.04
SAPNetweaver Abap Versionkrnl32nuc_7.22
SAPNetweaver Abap Versionkrnl32nuc_7.22ext
SAPNetweaver Abap Versionkrnl64nuc_7.22
SAPNetweaver Abap Versionkrnl64nuc_7.22ext
SAPNetweaver Abap Versionkrnl64nuc_7.49
SAPNetweaver Abap Versionkrnl64uc_7.22
SAPNetweaver Abap Versionkrnl64uc_7.22ext
SAPNetweaver Abap Versionkrnl64uc_7.49
SAPNetweaver Abap Versionkrnl64uc_7.53
SAPNetweaver Abap Versionkrnl64uc_7.73
SAPNetweaver Abap Versionkrnl64uc_8.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.482
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
cna@sap.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://launchpad.support.sap.com/#/notes/3020209
Vendor Advisory
Permissions Required