7.5

CVE-2021-27634

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Data is provided by the National Vulnerability Database (NVD)
SAPNetweaver Abap Versionkernel_7.22
SAPNetweaver Abap Versionkernel_7.49
SAPNetweaver Abap Versionkernel_7.53
SAPNetweaver Abap Versionkernel_7.73
SAPNetweaver Abap Versionkernel_8.04
SAPNetweaver Abap Versionkrnl32nuc_7.22
SAPNetweaver Abap Versionkrnl32nuc_7.22ext
SAPNetweaver Abap Versionkrnl64nuc_7.22
SAPNetweaver Abap Versionkrnl64nuc_7.22ext
SAPNetweaver Abap Versionkrnl64nuc_7.49
SAPNetweaver Abap Versionkrnl64uc_7.22
SAPNetweaver Abap Versionkrnl64uc_7.22ext
SAPNetweaver Abap Versionkrnl64uc_7.49
SAPNetweaver Abap Versionkrnl64uc_7.53
SAPNetweaver Abap Versionkrnl64uc_7.73
SAPNetweaver Abap Versionkrnl64uc_8.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.21% 0.406
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
cna@sap.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://launchpad.support.sap.com/#/notes/3020209
Vendor Advisory
Permissions Required