CVE-2021-21493 Information

Description

When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9 the application crashes and becomes temporarily unavailable to the user until restart of the application.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 https://launchpad.support.sap.com/#/notes/3027758 https://www.zerodayinitiative.com/advisories/ZDI-21-305/ https://www.zerodayinitiative.com/advisories/ZDI-21-307/ https://www.zerodayinitiative.com/advisories/ZDI-21-308/ https://www.zerodayinitiative.com/advisories/ZDI-21-309/ https://www.zerodayinitiative.com/advisories/ZDI-21-297/ https://www.zerodayinitiative.com/advisories/ZDI-21-289/ https://www.zerodayinitiative.com/advisories/ZDI-21-300/ https://www.zerodayinitiative.com/advisories/ZDI-21-301/ https://www.zerodayinitiative.com/advisories/ZDI-21-302/ https://www.zerodayinitiative.com/advisories/ZDI-21-303/ https://www.zerodayinitiative.com/advisories/ZDI-21-304/ https://www.zerodayinitiative.com/advisories/ZDI-21-290/ https://www.zerodayinitiative.com/advisories/ZDI-21-291/ https://www.zerodayinitiative.com/advisories/ZDI-21-293/ https://www.zerodayinitiative.com/advisories/ZDI-21-295/ https://www.zerodayinitiative.com/advisories/ZDI-21-296/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

LOW

Base Severity

3.3