» 2021 » 6월

CVE-2021-27621

Posted on 2021년 6월 9일2021년 6월 10일 by admin

CVE-2021-27621

Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions – 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.

Source: CVE-2021-27621

CVE-2021-27624

Posted on 2021년 6월 9일2021년 6월 10일 by admin

CVE-2021-27624

SAP Internet Graphics Service, versions – 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Source: CVE-2021-27624

CVE-2021-27623

Posted on 2021년 6월 9일2021년 6월 10일 by admin

CVE-2021-27623

SAP Internet Graphics Service, versions – 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckLength() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Source: CVE-2021-27623

CVE-2021-27597

Posted on 2021년 6월 9일2021년 6월 10일 by admin

CVE-2021-27597

SAP NetWeaver AS for ABAP (RFC Gateway), versions – KRNL32NUC – 7.22,7.22EXT, KRNL64NUC – 7.22,7.22EXT,7.49, KRNL64UC – 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL – 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Source: CVE-2021-27597

CVE-2021-27625

Posted on 2021년 6월 9일2021년 6월 10일 by admin

CVE-2021-27625

SAP Internet Graphics Service, versions – 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method IgsData::freeMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Source: CVE-2021-27625

CVE-2021-27627

Posted on 2021년 6월 9일2021년 6월 10일 by admin

CVE-2021-27627

SAP Internet Graphics Service, versions – 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method ChartInterpreter::DoIt() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Source: CVE-2021-27627

CVE-2021-27626

Posted on 2021년 6월 9일2021년 6월 10일 by admin

CVE-2021-27626

SAP Internet Graphics Service, versions – 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Source: CVE-2021-27626

CVE-2021-27620

Posted on 2021년 6월 9일2021년 6월 10일 by admin

CVE-2021-27620

SAP Internet Graphics Service, versions – 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Source: CVE-2021-27620

CVE-2021-27622

Posted on 2021년 6월 9일2021년 6월 10일 by admin

CVE-2021-27622

SAP Internet Graphics Service, versions – 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Source: CVE-2021-27622

CVE-2021-27606

Posted on 2021년 6월 9일2021년 6월 10일 by admin

CVE-2021-27606

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions – KRNL32NUC – 7.22,7.22EXT, KRNL64NUC – 7.22,7.22EXT,7.49, KRNL64UC – 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL – 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Source: CVE-2021-27606