Lucene search

[email protected]NVD:CVE-2021-27620

HistoryJun 09, 2021 - 2:15 p.m.

CVE-2021-27620

2021-06-0914:15:08

CWE-787

[email protected]

web.nvd.nist.gov

cve-2021-27620

sap internet graphics service

unauthenticated attacker

network request

input validation

memory corruption

system crash

system unavailability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.2%

JSON

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Affected configurations

Nvd

Node

sapnetweaver_as_internet_graphics_serverMatch7.20

sapnetweaver_as_internet_graphics_serverMatch7.20ex2

sapnetweaver_as_internet_graphics_serverMatch7.20ext

sapnetweaver_as_internet_graphics_serverMatch7.53

sapnetweaver_as_internet_graphics_serverMatch7.81

VendorProductVersionCPE
sapnetweaver_as_internet_graphics_server7.20cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20:*:*:*:*:*:*:*
sapnetweaver_as_internet_graphics_server7.20ex2cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20ex2:*:*:*:*:*:*:*
sapnetweaver_as_internet_graphics_server7.20extcpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20ext:*:*:*:*:*:*:*
sapnetweaver_as_internet_graphics_server7.53cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.53:*:*:*:*:*:*:*
sapnetweaver_as_internet_graphics_server7.81cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.81:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_as_internet_graphics_server	7.20	cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20:::::::*
sap	netweaver_as_internet_graphics_server	7.20ex2	cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20ex2:::::::*
sap	netweaver_as_internet_graphics_server	7.20ext	cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20ext:::::::*
sap	netweaver_as_internet_graphics_server	7.53	cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.53:::::::*
sap	netweaver_as_internet_graphics_server	7.81	cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.81:::::::*

References

launchpad.support.sap.com/#/notes/3021050

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.2%

JSON

Related for NVD:CVE-2021-27620

cve1 prion1 cvelist1