CVE-2021-33684 - Vulnerability Details

Vendors	Products
Sap	Netweaver Abap Netweaver Application Server Abap

Link	Providers
https://launchpad.support.sap.com/#/notes/3032624
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "SAP NetWeaver AS ABAP and ABAP Platform", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< KRNL32NUC 7.21"}, {"status": "affected", "version": "< 7.21EXT"}, {"status": "affected", "version": "< 7.22"}, {"status": "affected", "version": "< 7.22EXT"}, {"status": "affected", "version": "< KRNL32UC 7.21"}, {"status": "affected", "version": "< KRNL64NUC 7.21"}, {"status": "affected", "version": "< 7.49"}, {"status": "affected", "version": "< KRNL64UC 8.04"}, {"status": "affected", "version": "< 7.21"}, {"status": "affected", "version": "< 7.53"}, {"status": "affected", "version": "< KERNEL 8.04"}, {"status": "affected", "version": "< 7.77"}, {"status": "affected", "version": "< 7.81"}, {"status": "affected", "version": "< 7.84"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Memory Corruption (CWE-787)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-14T11:04:32", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/3032624"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2021-33684", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP NetWeaver AS ABAP and ABAP Platform", "version": {"version_data": [{"version_name": "<", "version_value": "KRNL32NUC 7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "KRNL32UC 7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "KRNL64NUC 7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "7.49"}, {"version_name": "<", "version_value": "KRNL64UC 8.04"}, {"version_name": "<", "version_value": "7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "7.49"}, {"version_name": "<", "version_value": "7.53"}, {"version_name": "<", "version_value": "KERNEL 8.04"}, {"version_name": "<", "version_value": "7.21"}, {"version_name": "<", "version_value": "7.21EXT"}, {"version_name": "<", "version_value": "7.22"}, {"version_name": "<", "version_value": "7.22EXT"}, {"version_name": "<", "version_value": "7.49"}, {"version_name": "<", "version_value": "7.53"}, {"version_name": "<", "version_value": "7.77"}, {"version_name": "<", "version_value": "7.81"}, {"version_name": "<", "version_value": "7.84"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low."}]}, "impact": {"cvss": {"baseScore": "5.3", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Memory Corruption (CWE-787)"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"}, {"name": "https://launchpad.support.sap.com/#/notes/3032624", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3032624"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:58:22.539Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/3032624"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-33684", "datePublished": "2021-07-14T11:04:32", "dateReserved": "2021-05-28T00:00:00", "dateUpdated": "2024-08-03T23:58:22.539Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : SAP NetWeaver AS ABAP and ABAP Platform (string)

vendor : SAP SE (string)

versions : [ »

0 : { »

status : affected (string)

version : < KRNL32NUC 7.21 (string)

}

1 : { »

status : affected (string)

version : < 7.21EXT (string)

}

2 : { »

status : affected (string)

version : < 7.22 (string)

}

3 : { »

status : affected (string)

version : < 7.22EXT (string)

}

4 : { »

status : affected (string)

version : < KRNL32UC 7.21 (string)

}

5 : { »

status : affected (string)

version : < KRNL64NUC 7.21 (string)

}

6 : { »

status : affected (string)

version : < 7.49 (string)

}

7 : { »

status : affected (string)

version : < KRNL64UC 8.04 (string)

}

8 : { »

status : affected (string)

version : < 7.21 (string)

}

9 : { »

status : affected (string)

version : < 7.53 (string)

}

10 : { »

status : affected (string)

version : < KERNEL 8.04 (string)

}

11 : { »

status : affected (string)

version : < 7.77 (string)

}

12 : { »

status : affected (string)

version : < 7.81 (string)

}

13 : { »

status : affected (string)

version : < 7.84 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low. (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.0 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-787 (string)

description : Memory Corruption (CWE-787) (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-07-14T11:04:32 (string)

orgId : e4686d1a-f260-4930-ac4c-2f5c992778dd (string)

shortName : sap (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://launchpad.support.sap.com/#/notes/3032624 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cna@sap.com (string)

ID : CVE-2021-33684 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : SAP NetWeaver AS ABAP and ABAP Platform (string)

version : { »

version_data : [ »

0 : { »

version_name : < (string)

version_value : KRNL32NUC 7.21 (string)

}

1 : { »

version_name : < (string)

version_value : 7.21EXT (string)

}

2 : { »

version_name : < (string)

version_value : 7.22 (string)

}

3 : { »

version_name : < (string)

version_value : 7.22EXT (string)

}

4 : { »

version_name : < (string)

version_value : KRNL32UC 7.21 (string)

}

5 : { »

version_name : < (string)

version_value : 7.21EXT (string)

}

6 : { »

version_name : < (string)

version_value : 7.22 (string)

}

7 : { »

version_name : < (string)

version_value : 7.22EXT (string)

}

8 : { »

version_name : < (string)

version_value : KRNL64NUC 7.21 (string)

}

9 : { »

version_name : < (string)

version_value : 7.21EXT (string)

}

10 : { »

version_name : < (string)

version_value : 7.22 (string)

}

11 : { »

version_name : < (string)

version_value : 7.22EXT (string)

}

12 : { »

version_name : < (string)

version_value : 7.49 (string)

}

13 : { »

version_name : < (string)

version_value : KRNL64UC 8.04 (string)

}

14 : { »

version_name : < (string)

version_value : 7.21 (string)

}

15 : { »

version_name : < (string)

version_value : 7.21EXT (string)

}

16 : { »

version_name : < (string)

version_value : 7.22 (string)

}

17 : { »

version_name : < (string)

version_value : 7.22EXT (string)

}

18 : { »

version_name : < (string)

version_value : 7.49 (string)

}

19 : { »

version_name : < (string)

version_value : 7.53 (string)

}

20 : { »

version_name : < (string)

version_value : KERNEL 8.04 (string)

}

21 : { »

version_name : < (string)

version_value : 7.21 (string)

}

22 : { »

version_name : < (string)

version_value : 7.21EXT (string)

}

23 : { »

version_name : < (string)

version_value : 7.22 (string)

}

24 : { »

version_name : < (string)

version_value : 7.22EXT (string)

}

25 : { »

version_name : < (string)

version_value : 7.49 (string)

}

26 : { »

version_name : < (string)

version_value : 7.53 (string)

}

27 : { »

version_name : < (string)

version_value : 7.77 (string)

}

28 : { »

version_name : < (string)

version_value : 7.81 (string)

}

29 : { »

version_name : < (string)

version_value : 7.84 (string)

}

]

}

]

}

vendor_name : SAP SE (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low. (string)

}

]

}

impact : { »

cvss : { »

baseScore : 5.3 (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.0 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Memory Corruption (CWE-787) (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 (string)

refsource : MISC (string)

url : https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 (string)

}

1 : { »

name : https://launchpad.support.sap.com/#/notes/3032624 (string)

refsource : MISC (string)

url : https://launchpad.support.sap.com/#/notes/3032624 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T23:58:22.539Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://launchpad.support.sap.com/#/notes/3032624 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : e4686d1a-f260-4930-ac4c-2f5c992778dd (string)

assignerShortName : sap (string)

cveId : CVE-2021-33684 (string)

datePublished : 2021-07-14T11:04:32 (string)

dateReserved : 2021-05-28T00:00:00 (string)

dateUpdated : 2024-08-03T23:58:22.539Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_abap:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "A46A215F-D013-4E5D-B597-EEE7FD65C27E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "125D552D-24DF-4BE6-9DA6-55177DFA6ADD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "FFBA8C16-AD2E-4046-A22D-B8AB2A38DAD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "A701B328-CC8D-4F10-8CDB-47883CAAC116", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "699E6EA8-1AA9-4C0E-A373-7E2F93E2F861", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "8A748DC7-E701-4E5B-9918-5CA6D7F52899", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.77:*:*:*:*:*:*:*", "matchCriteriaId": "9E438D5E-F211-4361-AC2D-E86A7CE88026", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:7.81:*:*:*:*:*:*:*", "matchCriteriaId": "87B7FA96-2BA0-4328-8C97-31129E72D779", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "7679B78A-CF53-42FA-8A96-319F13B40A8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "3BA319BA-6236-4D24-B6D4-1F8159944002", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32uc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "4C568E18-9F51-47C4-B190-75E2ADF9981C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "C318C2FD-3521-4DA9-8934-693D3DFC137E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "6DCEFFCC-4529-4A75-A146-C28A4CA80DC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "F36D87C9-12A9-4D37-9BBB-E22D8A054341", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "AA1D3FB7-DE15-4F23-908F-DDEAAB3C577C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "16B3C589-DF11-459D-8A3F-1A1FD2265022", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "AF64539B-0DE2-4076-91B9-F03F4DDFAE2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "9FBC5614-7C3F-4AD8-8640-0499B8B03C64", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "9E8CB869-C342-4362-9A4A-298F0B5F4003", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*", "matchCriteriaId": "89E7439E-F4D6-45EA-99FC-C9B34D4D590E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*", "matchCriteriaId": "252DCEF2-8DDF-467F-8869-B69A0A3426F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "379FDFC8-947E-4D09-A9DD-4B3F7481F648", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl32nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "5A3C05E4-BD11-4E9C-8476-70AF2A236056", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl32uc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "674E3638-1270-4AEA-ABA3-8CD116FFEE48", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.21:*:*:*:*:*:*:*", "matchCriteriaId": "94631E8C-631B-4972-A30F-BA93E58005B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "88CD861F-08FB-4CE1-923C-79D1480A2259", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low."}, {"lang": "es", "value": "SAP NetWeaver AS ABAP y ABAP Platform, versiones - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7. 53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, permite a un atacante enviar contenido excesivamente largo en el tipo de petici\u00f3n RFC, bloqueando as\u00ed el proceso de trabajo correspondiente debido a una vulnerabilidad de corrupci\u00f3n de memoria. El proceso de trabajo intentar\u00e1 reiniciarse por s\u00ed mismo despu\u00e9s del bloqueo y, por lo tanto, el impacto en la disponibilidad es bajo"}], "id": "CVE-2021-33684", "lastModified": "2024-11-21T06:09:21.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-14T12:15:09.497", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/3032624"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/3032624"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cna@sap.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:7.21:*:*:*:*:*:*:* (string)

matchCriteriaId : A46A215F-D013-4E5D-B597-EEE7FD65C27E (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:7.21ext:*:*:*:*:*:*:* (string)

matchCriteriaId : 125D552D-24DF-4BE6-9DA6-55177DFA6ADD (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:7.22:*:*:*:*:*:*:* (string)

matchCriteriaId : FFBA8C16-AD2E-4046-A22D-B8AB2A38DAD0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:7.22ext:*:*:*:*:*:*:* (string)

matchCriteriaId : A701B328-CC8D-4F10-8CDB-47883CAAC116 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:7.49:*:*:*:*:*:*:* (string)

matchCriteriaId : 699E6EA8-1AA9-4C0E-A373-7E2F93E2F861 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:7.53:*:*:*:*:*:*:* (string)

matchCriteriaId : 8A748DC7-E701-4E5B-9918-5CA6D7F52899 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:7.77:*:*:*:*:*:*:* (string)

matchCriteriaId : 9E438D5E-F211-4361-AC2D-E86A7CE88026 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:7.81:*:*:*:*:*:*:* (string)

matchCriteriaId : 87B7FA96-2BA0-4328-8C97-31129E72D779 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:* (string)

matchCriteriaId : 7679B78A-CF53-42FA-8A96-319F13B40A8F (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.21:*:*:*:*:*:*:* (string)

matchCriteriaId : 3BA319BA-6236-4D24-B6D4-1F8159944002 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:krnl32uc_7.21:*:*:*:*:*:*:* (string)

matchCriteriaId : 4C568E18-9F51-47C4-B190-75E2ADF9981C (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.21:*:*:*:*:*:*:* (string)

matchCriteriaId : C318C2FD-3521-4DA9-8934-693D3DFC137E (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:* (string)

matchCriteriaId : 6DCEFFCC-4529-4A75-A146-C28A4CA80DC3 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:7.21:*:*:*:*:*:*:* (string)

matchCriteriaId : F36D87C9-12A9-4D37-9BBB-E22D8A054341 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:7.21ext:*:*:*:*:*:*:* (string)

matchCriteriaId : AA1D3FB7-DE15-4F23-908F-DDEAAB3C577C (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:* (string)

matchCriteriaId : 16B3C589-DF11-459D-8A3F-1A1FD2265022 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:* (string)

matchCriteriaId : AF64539B-0DE2-4076-91B9-F03F4DDFAE2F (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:* (string)

matchCriteriaId : 9FBC5614-7C3F-4AD8-8640-0499B8B03C64 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:* (string)

matchCriteriaId : 9E8CB869-C342-4362-9A4A-298F0B5F4003 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:* (string)

matchCriteriaId : 89E7439E-F4D6-45EA-99FC-C9B34D4D590E (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:* (string)

matchCriteriaId : 252DCEF2-8DDF-467F-8869-B69A0A3426F8 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:* (string)

matchCriteriaId : 379FDFC8-947E-4D09-A9DD-4B3F7481F648 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:krnl32nuc_7.21:*:*:*:*:*:*:* (string)

matchCriteriaId : 5A3C05E4-BD11-4E9C-8476-70AF2A236056 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:krnl32uc_7.21:*:*:*:*:*:*:* (string)

matchCriteriaId : 674E3638-1270-4AEA-ABA3-8CD116FFEE48 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.21:*:*:*:*:*:*:* (string)

matchCriteriaId : 94631E8C-631B-4972-A30F-BA93E58005B4 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:* (string)

matchCriteriaId : 88CD861F-08FB-4CE1-923C-79D1480A2259 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low. (string)

}

1 : { »

lang : es (string)

value : SAP NetWeaver AS ABAP y ABAP Platform, versiones - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7. 53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, permite a un atacante enviar contenido excesivamente largo en el tipo de petición RFC, bloqueando así el proceso de trabajo correspondiente debido a una vulnerabilidad de corrupción de memoria. El proceso de trabajo intentará reiniciarse por sí mismo después del bloqueo y, por lo tanto, el impacto en la disponibilidad es bajo (string)

}

]

id : CVE-2021-33684 (string)

lastModified : 2024-11-21T06:09:21.680 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 1.4 (number)

source : cna@sap.com (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-07-14T12:15:09.497 (string)

references : [ »

0 : { »

source : cna@sap.com (string)

tags : [ »

0 : Permissions Required (string)

]

url : https://launchpad.support.sap.com/#/notes/3032624 (string)

}

1 : { »

source : cna@sap.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Permissions Required (string)

]

url : https://launchpad.support.sap.com/#/notes/3032624 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 (string)

}

]

sourceIdentifier : cna@sap.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : cna@sap.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object