{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-27626", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "dateUpdated": "2024-08-03T21:26:10.613Z", "dateReserved": "2021-02-23T00:00:00", "datePublished": "2021-06-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2022-10-17T00:00:00"}, "descriptions": [{"lang": "en", "value": "SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."}], "affected": [{"vendor": "SAP SE", "product": "SAP Internet Graphics Service", "versions": [{"version": "< 7.20", "status": "affected"}, {"version": "< 7.20EXT", "status": "affected"}, {"version": "< 7.53", "status": "affected"}, {"version": "< 7.20_EX2", "status": "affected"}, {"version": "< 7.81", "status": "affected"}]}], "references": [{"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"}, {"url": "https://launchpad.support.sap.com/#/notes/3021050"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "Improper Input Validation (CWE-787)", "cweId": "CWE-787"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:26:10.613Z"}, "title": "CVE Program Container", "references": [{"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999", "tags": ["x_transferred"]}, {"url": "https://launchpad.support.sap.com/#/notes/3021050", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20:*:*:*:*:*:*:*", "matchCriteriaId": "F621BFF2-AE66-48CA-BE6E-ACD3BC66F64D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20ex2:*:*:*:*:*:*:*", "matchCriteriaId": "51BBCF93-C8C0-4289-BA43-96D89F71CE4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.20ext:*:*:*:*:*:*:*", "matchCriteriaId": "E3E22C0E-5B96-42BC-B289-1A92A89EC07F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "663C3B51-10E9-427A-B236-E576D0EF5FD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_as_internet_graphics_server:7.81:*:*:*:*:*:*:*", "matchCriteriaId": "64306F86-4406-4327-990E-A4238CE33ACD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."}, {"lang": "es", "value": "SAP Internet Graphics Service, versiones - 7.20,7.20EXT, 7.53,7.20_EX2,7.81, permite a un atacante no autenticado despu\u00e9s de recuperar un valor de estado del sistema existente pueda enviar una petici\u00f3n IGS maliciosa a trav\u00e9s de una red que debido a una comprobaci\u00f3n insuficiente de entrada en el m\u00e9todo CMiniXMLParser:: Parse() que desencadenar\u00e1 un error de corrupci\u00f3n de la memoria interna en el sistema, causando el bloqueo del sistema y hacer que no est\u00e9 disponible.&#xa0;En este ataque, ning\u00fan dato del sistema puede ser visualizado o modificado"}], "id": "CVE-2021-27626", "lastModified": "2024-11-21T05:58:19.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-09T14:15:08.717", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3021050"}, {"source": "cna@sap.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3021050"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cna@sap.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}