CVE-2021-33684 vulnerability in SAP Products
Published on July 14, 2021

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.

NVD

Weakness Type

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2021-33684 has been classified to as a Memory Corruption vulnerability or weakness.

Products Associated with CVE-2021-33684

Want to know whenever a new CVE is published for SAP products? stack.watch will email you.

SAP Netweaver Abap

SAP Netweaver As Abap

SAP Netweaver Application Server Abap

Affected Versions

SAP SE SAP NetWeaver AS ABAP and ABAP Platform:

Version < KRNL32NUC 7.21 is affected.
Version < 7.21EXT is affected.
Version < 7.22 is affected.
Version < 7.22EXT is affected.
Version < KRNL32UC 7.21 is affected.
Version < KRNL64NUC 7.21 is affected.
Version < 7.49 is affected.
Version < KRNL64UC 8.04 is affected.
Version < 7.21 is affected.
Version < 7.53 is affected.
Version < KERNEL 8.04 is affected.
Version < 7.77 is affected.
Version < 7.81 is affected.
Version < 7.84 is affected.

Exploit Probability

EPSS

0.18%

Percentile

39.88%