Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-33663

Опубликовано: 09 июн. 2021
Источник: nvd
CVSS3: 5.8
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.73:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.82:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.83:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.84:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl32nuc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl32uc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl32uc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.73:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:*

EPSS

Процентиль: 41%
0.00189
Низкий

5.8 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-276v-xm73-5p9c

CVSS3: 5.3
github
около 3 лет назад

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application.

EPSS

Процентиль: 41%
0.00189
Низкий

5.8 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo