Unrated severityNVD Advisory· Published Jun 9, 2021· Updated Aug 3, 2024

CVE-2021-27624

Description

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Affected products

SAP/Internet Graphics Service (IGS)llm-fuzzy
Range: 7.20,7.20EXT,7.53,7.20_EX2,7.81
SAP SE/SAP Internet Graphics Servicev5
Range: < 7.20

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

launchpad.support.sap.commitre
wiki.scn.sap.com/wiki/pages/viewpage.actionmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000