Sign-up

ID

VAR-202105-0832


CVE

CVE-2021-27611


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.53

sources: NVD: CVE-2021-27611 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-27611

AFFECTED PRODUCTS

vendor:sapmodel:netweaver as abapscope:eqversion:702

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:731

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:700

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:730

Trust: 1.0

vendor:sapmodel:netweaver as abapscope:eqversion:701

Trust: 1.0

sources: NVD: CVE-2021-27611

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-27611
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-611
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-27611
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-27611
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2021-27611
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-27611 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-611 // NVD: CVE-2021-27611

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

sources: NVD: CVE-2021-27611

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-611

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-27611

PATCH
title:SAP NetWeaver AS ABAP Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151239
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202105-611

EXTERNAL IDS
db:NVDid:CVE-2021-27611
Trust: 1.7
db:CS-HELPid:SB2021041363
Trust: 0.6
db:CNNVDid:CNNVD-202104-975
Trust: 0.6
db:CS-HELPid:SB2021051104
Trust: 0.6
db:CNNVDid:CNNVD-202105-611
Trust: 0.6
db:VULMONid:CVE-2021-27611
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-27611 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202105-611 // 
            
            
            
            NVD: CVE-2021-27611

REFERENCES
url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=576094655
Trust: 1.7
url:https://launchpad.support.sap.com/#/notes/3046610
Trust: 1.7
url:https://www.cybersecurity-help.cz/vdb/sb2021041363
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2021051104
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/74.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-27611 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202105-611 // 
            
            
            
            NVD: CVE-2021-27611

SOURCES
db:VULMONid:CVE-2021-27611
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202105-611
db:NVDid:CVE-2021-27611

LAST UPDATE DATE
2022-05-04T08:07:07.551000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-27611date:2021-05-19T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202105-611date:2021-05-20T00:00:00
db:NVDid:CVE-2021-27611date:2021-05-19T16:35:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-27611date:2021-05-11T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202105-611date:2021-05-11T00:00:00
db:NVDid:CVE-2021-27611date:2021-05-11T15:15:00