{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver AS ABAP and ABAP Platform", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< KRNL32NUC 7.21"}, {"status": "affected", "version": "< 7.21EXT"}, {"status": "affected", "version": "< 7.22"}, {"status": "affected", "version": "< 7.22EXT"}, {"status": "affected", "version": "< KRNL32UC 7.21"}, {"status": "affected", "version": "< KRNL64NUC 7.21"}, {"status": "affected", "version": "< 7.49"}, {"status": "affected", "version": "< KRNL64UC 8.04"}, {"status": "affected", "version": "< 7.21"}, {"status": "affected", "version": "< 7.53"}, {"status": "affected", "version": "< KERNEL 8.04"}, {"status": "affected", "version": "< 7.77"}, {"status": "affected", "version": "< 7.81"}, {"status": "affected", "version": "< 7.84"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Memory Corruption (CWE-787)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-14T11:04:32", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/3032624"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2021-33684", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver AS ABAP and ABAP Platform", "version": {"version_data": [{"version_name": "<", "version_value": "KRNL32NUC 7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "KRNL32UC 7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "KRNL64NUC 7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "7.49"}, {"version_name": "<", "version_value": "KRNL64UC 8.04"}, {"version_name": "<", "version_value": "7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "7.49"}, {"version_name": "<", "version_value": "7.53"}, {"version_name": "<", "version_value": "KERNEL 8.04"}, {"version_name": "<", "version_value": "7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "7.49"}, {"version_name": "<", "version_value": "7.53"}, {"version_name": "<", "version_value": "7.77"}, {"version_name": "<", "version_value": "7.81"}, {"version_name": "<", "version_value": "7.84"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low."}]}, "impact": {"cvss": {"baseScore": "5.3", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Memory Corruption (CWE-787)"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"}, {"name": "https://launchpad.support.sap.com/#/notes/3032624", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3032624"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:58:22.539Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/3032624"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-33684", "datePublished": "2021-07-14T11:04:32", "dateReserved": "2021-05-28T00:00:00", "dateUpdated": "2024-08-03T23:58:22.539Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_abap:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "A46A215F-D013-4E5D-B597-EEE7FD65C27E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "125D552D-24DF-4BE6-9DA6-55177DFA6ADD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "FFBA8C16-AD2E-4046-A22D-B8AB2A38DAD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "A701B328-CC8D-4F10-8CDB-47883CAAC116", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "699E6EA8-1AA9-4C0E-A373-7E2F93E2F861", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "8A748DC7-E701-4E5B-9918-5CA6D7F52899", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.77:*:*:*:*:*:*:*", "matchCriteriaId": "9E438D5E-F211-4361-AC2D-E86A7CE88026", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.81:*:*:*:*:*:*:*", "matchCriteriaId": "87B7FA96-2BA0-4328-8C97-31129E72D779", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "7679B78A-CF53-42FA-8A96-319F13B40A8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "3BA319BA-6236-4D24-B6D4-1F8159944002", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32uc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "4C568E18-9F51-47C4-B190-75E2ADF9981C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "C318C2FD-3521-4DA9-8934-693D3DFC137E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "6DCEFFCC-4529-4A75-A146-C28A4CA80DC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "F36D87C9-12A9-4D37-9BBB-E22D8A054341", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "AA1D3FB7-DE15-4F23-908F-DDEAAB3C577C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "16B3C589-DF11-459D-8A3F-1A1FD2265022", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "AF64539B-0DE2-4076-91B9-F03F4DDFAE2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "9FBC5614-7C3F-4AD8-8640-0499B8B03C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "9E8CB869-C342-4362-9A4A-298F0B5F4003", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*", "matchCriteriaId": "89E7439E-F4D6-45EA-99FC-C9B34D4D590E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*", "matchCriteriaId": "252DCEF2-8DDF-467F-8869-B69A0A3426F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "379FDFC8-947E-4D09-A9DD-4B3F7481F648", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl32nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "5A3C05E4-BD11-4E9C-8476-70AF2A236056", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl32uc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "674E3638-1270-4AEA-ABA3-8CD116FFEE48", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "94631E8C-631B-4972-A30F-BA93E58005B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "88CD861F-08FB-4CE1-923C-79D1480A2259", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low."}, {"lang": "es", "value": "SAP NetWeaver AS ABAP y ABAP Platform, versiones - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7. 53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, permite a un atacante enviar contenido excesivamente largo en el tipo de petici\u00f3n RFC, bloqueando as\u00ed el proceso de trabajo correspondiente debido a una vulnerabilidad de corrupci\u00f3n de memoria. El proceso de trabajo intentar\u00e1 reiniciarse por s\u00ed mismo despu\u00e9s del bloqueo y, por lo tanto, el impacto en la disponibilidad es bajo"}], "id": "CVE-2021-33684", "lastModified": "2022-10-06T15:20:09.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-14T12:15:09.497", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/3032624"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}