Vulnerabilities > CVE-2021-27626 - Out-of-bounds Write vulnerability in SAP Netweaver AS Internet Graphics Server

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

sap

CWE-787

NVD

Published: 2021-06-09

Updated: 2022-10-31

Summary

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver AS Internet Graphics Server 7.20 SAP Netweaver AS Internet Graphics Server 7.20Ext SAP Netweaver AS Internet Graphics Server 7.20Ex2 SAP Netweaver AS Internet Graphics Server 7.53 SAP Netweaver AS Internet Graphics Server 7.81	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References