CVE-2021-27623 Information
Jun 07, 2022
cve
Description
SAP Internet Graphics Service versions - 7.207.20EXT7.537.20_EX27.81 allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckLength() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack no data in the system can be viewed or modified.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
https://launchpad.support.sap.com/#/notes/3021050 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
5.9
Share on: