CVE-2021-33684 Information

Jun 07, 2022 cve

Description

SAP NetWeaver AS ABAP and ABAP Platform versions - KRNL32NUC 7.21 7.21EXT 7.22 7.22EXT KRNL32UC 7.21 7.21EXT 7.22 7.22EXT KRNL64NUC 7.21 7.21EXT 7.22 7.22EXT 7.49 KRNL64UC 8.04 7.21 7.21EXT 7.22 7.22EXT 7.49 7.53 KERNEL 8.04 7.21 7.21EXT 7.22 7.22EXT 7.49 7.53 7.77 7.81 7.84 allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 https://launchpad.support.sap.com/#/notes/3032624

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

LOW

Base Severity

5.3

Share on: