Vulnerabilities > SAP > Netweaver AS Internet Graphics Server

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2021-27620 Out-of-bounds Write vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap CWE-787
5.9
2021-06-09 CVE-2021-27622 Out-of-bounds Write vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap CWE-787
5.9
2021-06-09 CVE-2021-27623 Out-of-bounds Write vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckLength() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap CWE-787
5.9
2021-06-09 CVE-2021-27624 Out-of-bounds Write vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap CWE-787
5.9
2021-06-09 CVE-2021-27625 Out-of-bounds Write vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method IgsData::freeMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap CWE-787
5.9
2021-06-09 CVE-2021-27626 Out-of-bounds Write vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap CWE-787
5.9
2021-06-09 CVE-2021-27627 Out-of-bounds Write vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method ChartInterpreter::DoIt() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap CWE-787
5.9