ID CVE-2021-27625
Summary SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method IgsData::freeMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20ext:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20ext:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20ex2:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20ex2:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.53:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.53:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.81:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.81:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 31-10-2022 - 14:46)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
Last major update 31-10-2022 - 14:46
Published 09-06-2021 - 14:15
Last modified 31-10-2022 - 14:46
Back to Top