← Back

CVE-2021-27620

nvd nist
Published: Jun 9, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Affected (5)

Sap
1 product
Netweaver As Internet Graphics Server
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver As Internet Graphics Server
Version 7.20
Netweaver As Internet Graphics Server
Version 7.20ex2
Netweaver As Internet Graphics Server
Version 7.20ext
Netweaver As Internet Graphics Server
Version 7.53
Netweaver As Internet Graphics Server
Version 7.81

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory

Timeline

No history available yet.