Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-33684

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.

Published

2021-07-14T12:15:09.497

Last Modified

2024-11-21T06:09:21.680

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-787
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	netweaver_abap	7.21	Yes
Application	sap	netweaver_abap	7.21ext	Yes
Application	sap	netweaver_abap	7.22	Yes
Application	sap	netweaver_abap	7.22ext	Yes
Application	sap	netweaver_abap	7.49	Yes
Application	sap	netweaver_abap	7.53	Yes
Application	sap	netweaver_abap	7.77	Yes
Application	sap	netweaver_abap	7.81	Yes
Application	sap	netweaver_abap	kernel_8.04	Yes
Application	sap	netweaver_abap	krnl32nuc_7.21	Yes
Application	sap	netweaver_abap	krnl32uc_7.21	Yes
Application	sap	netweaver_abap	krnl64nuc_7.21	Yes
Application	sap	netweaver_abap	krnl64uc_8.04	Yes
Application	sap	netweaver_application_server_abap	7.21	Yes
Application	sap	netweaver_application_server_abap	7.21ext	Yes
Application	sap	netweaver_application_server_abap	7.22	Yes
Application	sap	netweaver_application_server_abap	7.22ext	Yes
Application	sap	netweaver_application_server_abap	7.49	Yes
Application	sap	netweaver_application_server_abap	7.53	Yes
Application	sap	netweaver_application_server_abap	7.77	Yes
Application	sap	netweaver_application_server_abap	7.81	Yes
Application	sap	netweaver_application_server_abap	kernel_8.04	Yes
Application	sap	netweaver_application_server_abap	krnl32nuc_7.21	Yes
Application	sap	netweaver_application_server_abap	krnl32uc_7.21	Yes
Application	sap	netweaver_application_server_abap	krnl64nuc_7.21	Yes
Application	sap	netweaver_application_server_abap	krnl64uc_8.04	Yes

References

https://launchpad.support.sap.com/#/notes/3032624 Permissions Required ([email protected])
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/3032624 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)