CVE-2021-33684

CWE-787Out-of-bounds Write3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 60.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SAP SE SAP Netweaver AS Abap AND Abap PlatformSAP Netweaver AbapSAP Netweaver Application Server Abap
Timeline
PublishedJul 14
Latest updateMay 24

Description

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

CVEListV5sap_se/sap_netweaver_as_abap_and_abap_platform< KRNL32NUC 7.21+13
NVDsap/netweaver_abap13 versions+12
NVDsap/netweaver_application13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-69qv-phc7-2vh6: SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 72022-05-24
CVEList
CVE-2021-33684: SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 72021-07-14
CVE-2021-33684 (MEDIUM CVSS 5.3) | SAP NetWeaver AS ABAP and ABAP Plat | cvebase.io