7.5
CVE-2021-27633
- EPSS 0.28%
- Published 09.06.2021 14:15:09
- Last modified 21.11.2024 05:58:20
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Netweaver Abap Versionkernel_7.22
SAP ≫ Netweaver Abap Versionkernel_7.49
SAP ≫ Netweaver Abap Versionkernel_7.53
SAP ≫ Netweaver Abap Versionkernel_7.73
SAP ≫ Netweaver Abap Versionkernel_8.04
SAP ≫ Netweaver Abap Versionkrnl32nuc_7.22
SAP ≫ Netweaver Abap Versionkrnl32nuc_7.22ext
SAP ≫ Netweaver Abap Versionkrnl64nuc_7.22
SAP ≫ Netweaver Abap Versionkrnl64nuc_7.22ext
SAP ≫ Netweaver Abap Versionkrnl64nuc_7.49
SAP ≫ Netweaver Abap Versionkrnl64uc_7.22
SAP ≫ Netweaver Abap Versionkrnl64uc_7.22ext
SAP ≫ Netweaver Abap Versionkrnl64uc_7.49
SAP ≫ Netweaver Abap Versionkrnl64uc_7.53
SAP ≫ Netweaver Abap Versionkrnl64uc_7.73
SAP ≫ Netweaver Abap Versionkrnl64uc_8.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.482 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| cna@sap.com | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.