CVE-2021-27589

Опубликовано: 09 мар. 2021

Источник: nvd

CVSS3: 4.3

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Ссылки

https://launchpad.support.sap.com/#/notes/3027758
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-306/
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/3027758
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-306/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:3d_visual_enterprise_viewer:9:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00185

Низкий

4.3 Medium

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-3c3f-2h7p-qwc8

github

больше 3 лет назад

EPSS

Процентиль: 40%

0.00185

Низкий

4.3 Medium

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo