← Back

CVE-2021-27634

nvd nist
Published: Jun 9, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Affected (16)

Products: Sap: Netweaver Abap
Sap
1 product
Netweaver Abap
Configuration A
16 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Abap
Version kernel_7.22
Netweaver Abap
Version kernel_7.49
Netweaver Abap
Version kernel_7.53
Netweaver Abap
Version kernel_7.73
Netweaver Abap
Version kernel_8.04
Netweaver Abap
Version krnl32nuc_7.22
Netweaver Abap
Version krnl32nuc_7.22ext
Netweaver Abap
Version krnl64nuc_7.22
Netweaver Abap
Version krnl64nuc_7.22ext
Netweaver Abap
Version krnl64nuc_7.49
Netweaver Abap
Version krnl64uc_7.22
Netweaver Abap
Version krnl64uc_7.22ext
Netweaver Abap
Version krnl64uc_7.49
Netweaver Abap
Version krnl64uc_7.53
Netweaver Abap
Version krnl64uc_7.73
Netweaver Abap
Version krnl64uc_8.04

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory

Timeline

No history available yet.