CVE-2021-33684

{"id": "CVE-2021-33684", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-07-14T12:15:09.497", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3032624", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low."}, {"lang": "es", "value": "SAP NetWeaver AS ABAP y ABAP Platform, versiones - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7. 53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, permite a un atacante enviar contenido excesivamente largo en el tipo de petici\u00f3n RFC, bloqueando as\u00ed el proceso de trabajo correspondiente debido a una vulnerabilidad de corrupci\u00f3n de memoria. El proceso de trabajo intentar\u00e1 reiniciarse por s\u00ed mismo despu\u00e9s del bloqueo y, por lo tanto, el impacto en la disponibilidad es bajo"}], "lastModified": "2022-10-06T15:20:09.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_abap:7.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46A215F-D013-4E5D-B597-EEE7FD65C27E"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.21ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "125D552D-24DF-4BE6-9DA6-55177DFA6ADD"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFBA8C16-AD2E-4046-A22D-B8AB2A38DAD0"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.22ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A701B328-CC8D-4F10-8CDB-47883CAAC116"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "699E6EA8-1AA9-4C0E-A373-7E2F93E2F861"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A748DC7-E701-4E5B-9918-5CA6D7F52899"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E438D5E-F211-4361-AC2D-E86A7CE88026"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.81:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87B7FA96-2BA0-4328-8C97-31129E72D779"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7679B78A-CF53-42FA-8A96-319F13B40A8F"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BA319BA-6236-4D24-B6D4-1F8159944002"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32uc_7.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C568E18-9F51-47C4-B190-75E2ADF9981C"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C318C2FD-3521-4DA9-8934-693D3DFC137E"}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DCEFFCC-4529-4A75-A146-C28A4CA80DC3"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F36D87C9-12A9-4D37-9BBB-E22D8A054341"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.21ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA1D3FB7-DE15-4F23-908F-DDEAAB3C577C"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16B3C589-DF11-459D-8A3F-1A1FD2265022"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF64539B-0DE2-4076-91B9-F03F4DDFAE2F"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FBC5614-7C3F-4AD8-8640-0499B8B03C64"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E8CB869-C342-4362-9A4A-298F0B5F4003"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89E7439E-F4D6-45EA-99FC-C9B34D4D590E"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "252DCEF2-8DDF-467F-8869-B69A0A3426F8"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "379FDFC8-947E-4D09-A9DD-4B3F7481F648"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl32nuc_7.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A3C05E4-BD11-4E9C-8476-70AF2A236056"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl32uc_7.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "674E3638-1270-4AEA-ABA3-8CD116FFEE48"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94631E8C-631B-4972-A30F-BA93E58005B4"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88CD861F-08FB-4CE1-923C-79D1480A2259"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}