7.5

CVE-2021-27633

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPNetweaver Abap Versionkernel_7.22
SAPNetweaver Abap Versionkernel_7.49
SAPNetweaver Abap Versionkernel_7.53
SAPNetweaver Abap Versionkernel_7.73
SAPNetweaver Abap Versionkernel_8.04
SAPNetweaver Abap Versionkrnl32nuc_7.22
SAPNetweaver Abap Versionkrnl32nuc_7.22ext
SAPNetweaver Abap Versionkrnl64nuc_7.22
SAPNetweaver Abap Versionkrnl64nuc_7.22ext
SAPNetweaver Abap Versionkrnl64nuc_7.49
SAPNetweaver Abap Versionkrnl64uc_7.22
SAPNetweaver Abap Versionkrnl64uc_7.22ext
SAPNetweaver Abap Versionkrnl64uc_7.49
SAPNetweaver Abap Versionkrnl64uc_7.53
SAPNetweaver Abap Versionkrnl64uc_7.73
SAPNetweaver Abap Versionkrnl64uc_8.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.482
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
cna@sap.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://launchpad.support.sap.com/#/notes/3020209
Vendor Advisory
Permissions Required