{ "id": "CVE-2021-33684", "sourceIdentifier": "cna@sap.com", "published": "2021-07-14T12:15:09.497", "lastModified": "2022-10-06T15:20:09.903", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low." }, { "lang": "es", "value": "SAP NetWeaver AS ABAP y ABAP Platform, versiones - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7. 53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, permite a un atacante enviar contenido excesivamente largo en el tipo de petici\u00f3n RFC, bloqueando as\u00ed el proceso de trabajo correspondiente debido a una vulnerabilidad de corrupci\u00f3n de memoria. El proceso de trabajo intentar\u00e1 reiniciarse por s\u00ed mismo despu\u00e9s del bloqueo y, por lo tanto, el impacto en la disponibilidad es bajo" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } ], "cvssMetricV30": [ { "source": "cna@sap.com", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-787" } ] }, { "source": "cna@sap.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-787" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "A46A215F-D013-4E5D-B597-EEE7FD65C27E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "125D552D-24DF-4BE6-9DA6-55177DFA6ADD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "FFBA8C16-AD2E-4046-A22D-B8AB2A38DAD0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "A701B328-CC8D-4F10-8CDB-47883CAAC116" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "699E6EA8-1AA9-4C0E-A373-7E2F93E2F861" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "8A748DC7-E701-4E5B-9918-5CA6D7F52899" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:7.77:*:*:*:*:*:*:*", "matchCriteriaId": "9E438D5E-F211-4361-AC2D-E86A7CE88026" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:7.81:*:*:*:*:*:*:*", "matchCriteriaId": "87B7FA96-2BA0-4328-8C97-31129E72D779" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "7679B78A-CF53-42FA-8A96-319F13B40A8F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "3BA319BA-6236-4D24-B6D4-1F8159944002" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32uc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "4C568E18-9F51-47C4-B190-75E2ADF9981C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "C318C2FD-3521-4DA9-8934-693D3DFC137E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "6DCEFFCC-4529-4A75-A146-C28A4CA80DC3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "F36D87C9-12A9-4D37-9BBB-E22D8A054341" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "AA1D3FB7-DE15-4F23-908F-DDEAAB3C577C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "16B3C589-DF11-459D-8A3F-1A1FD2265022" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "AF64539B-0DE2-4076-91B9-F03F4DDFAE2F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "9FBC5614-7C3F-4AD8-8640-0499B8B03C64" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "9E8CB869-C342-4362-9A4A-298F0B5F4003" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*", "matchCriteriaId": "89E7439E-F4D6-45EA-99FC-C9B34D4D590E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*", "matchCriteriaId": "252DCEF2-8DDF-467F-8869-B69A0A3426F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "379FDFC8-947E-4D09-A9DD-4B3F7481F648" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl32nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "5A3C05E4-BD11-4E9C-8476-70AF2A236056" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl32uc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "674E3638-1270-4AEA-ABA3-8CD116FFEE48" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "94631E8C-631B-4972-A30F-BA93E58005B4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "88CD861F-08FB-4CE1-923C-79D1480A2259" } ] } ] } ], "references": [ { "url": "https://launchpad.support.sap.com/#/notes/3032624", "source": "cna@sap.com", "tags": [ "Permissions Required" ] }, { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506", "source": "cna@sap.com", "tags": [ "Vendor Advisory" ] } ] }