Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-27617

Опубликовано: 11 мая 2021
Источник: nvd
CVSS3: 4.9
CVSS3: 4.9
CVSS2: 4
EPSS Низкий

Описание

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_process_integration:7.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*

EPSS

Процентиль: 43%
0.00209
Низкий

4.9 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

github логотип

GHSA-j8m5-m975-227f

CVSS3: 4.9
github
больше 3 лет назад

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability.

EPSS

Процентиль: 43%
0.00209
Низкий

4.9 Medium

CVSS3

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20