Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-33684

Опубликовано: 14 июл. 2021
Источник: nvd
CVSS3: 5.3
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_abap:7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:7.21ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl32uc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.21ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl32nuc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl32uc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.21:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:*

EPSS

Процентиль: 40%
0.00182
Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-787
CWE-787

Связанные уязвимости

github логотип

GHSA-69qv-phc7-2vh6

CVSS3: 5.3
github
больше 3 лет назад

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.

EPSS

Процентиль: 40%
0.00182
Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-787
CWE-787