ID

VAR-202107-1159


CVE

CVE-2021-33684


TITLE

SAP NetWeaver AS ABAP and ABAP Platform Out-of-bounds Write Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-009753

DESCRIPTION

SAP NetWeaver AS ABAP and ABAP Platform, versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allow an attacker to send overlong content in the RFC request type, thereby crashing the corresponding work process because of a memory corruption vulnerability. The work process will attempt to restart itself after the crash, and hence the impact on availability is low. SAP NetWeaver AS ABAP and ABAP Platform are vulnerable to an out-of-bounds write. The affected system may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2021-33684 // JVNDB: JVNDB-2021-009753 // VULMON: CVE-2021-33684

AFFECTED PRODUCTS

vendor: sap, model: netweaver abap, scope: eq, version: 7.77

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: 7.81

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: krnl32nuc_7.21

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: krnl64nuc_7.21

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: krnl32uc_7.21

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 7.22

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: kernel_8.04

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: 7.49

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 7.21

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: krnl64uc_8.04

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: 7.22ext

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 7.53

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 7.21ext

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 7.77

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 7.81

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: krnl32nuc_7.21

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: krnl64nuc_7.21

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 7.22ext

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: 7.22

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 7.49

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: krnl64uc_8.04

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: krnl32uc_7.21

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: kernel_8.04

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: 7.21

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: 7.21ext

Trust: 1.0

vendor: sap, model: netweaver abap, scope: eq, version: 7.53

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: -, version: -

Trust: 0.8

vendor: sap, model: netweaver abap, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009753 // NVD: CVE-2021-33684

CVSS

SEVERITY

NVD: CVE-2021-33684
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202107-706
value: MEDIUM

Trust: 0.6

CVSSV2

NVD: CVE-2021-33684
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.8

CVSSV3

NVD: CVE-2021-33684
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-33684
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-009753 // CNNVD: CNNVD-202107-706 // NVD: CVE-2021-33684

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009753 // NVD: CVE-2021-33684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-706

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202107-706

CONFIGURATIONS

sources: NVD: CVE-2021-33684

PATCH

title: SAP Security Patch Day - July 2021, url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=580617506

Trust: 0.8

title: SAP NetWeaver AS ABAP Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156399

Trust: 0.6

sources: JVNDB: JVNDB-2021-009753 // CNNVD: CNNVD-202107-706

EXTERNAL IDS

db: NVD, id: CVE-2021-33684

Trust: 3.3

db: JVNDB, id: JVNDB-2021-009753

Trust: 0.8

db: CNNVD, id: CNNVD-202107-706

Trust: 0.6

db: VULMON, id: CVE-2021-33684

Trust: 0.1

sources: VULMON: CVE-2021-33684 // JVNDB: JVNDB-2021-009753 // CNNVD: CNNVD-202107-706 // NVD: CVE-2021-33684

REFERENCES

url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=580617506

Trust: 1.7

url: https://launchpad.support.sap.com/#/notes/3032624

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-33684

Trust: 1.4

url: https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-july-2021-35875

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-33684 // JVNDB: JVNDB-2021-009753 // CNNVD: CNNVD-202107-706 // NVD: CVE-2021-33684

SOURCES

db: VULMON, id: CVE-2021-33684
db: JVNDB, id: JVNDB-2021-009753
db: CNNVD, id: CNNVD-202107-706
db: NVD, id: CVE-2021-33684

LAST UPDATE DATE

2022-05-19T22:05:45.821000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-33684, date: 2021-07-14T00:00:00
db: JVNDB, id: JVNDB-2021-009753, date: 2022-05-18T06:41:00
db: CNNVD, id: CNNVD-202107-706, date: 2021-08-24T00:00:00
db: NVD, id: CVE-2021-33684, date: 2021-07-27T14:19:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-33684, date: 2021-07-14T00:00:00
db: JVNDB, id: JVNDB-2021-009753, date: 2022-05-18T00:00:00
db: CNNVD, id: CNNVD-202107-706, date: 2021-07-13T00:00:00
db: NVD, id: CVE-2021-33684, date: 2021-07-14T12:15:00