Strix
26.1K

CVE-2021-33684

MEDIUMCVSS 5.3/10EPSS 1.18%

Last modified

CVE-2021-33684 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.. EPSS estimates a 1.18% chance of exploitation in the next 30 days.

Description

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.

Metrics

CVSS 3.1
5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Probability
1.18%

63.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SapNetweaver Abap7.21
SapNetweaver Abap7.21ext
SapNetweaver Abap7.22
SapNetweaver Abap7.22ext
SapNetweaver Abap7.49
SapNetweaver Abap7.53
SapNetweaver Abap7.77
SapNetweaver Abap7.81
SapNetweaver Abapkernel_8.04
SapNetweaver Abapkrnl32nuc_7.21
SapNetweaver Abapkrnl32uc_7.21
SapNetweaver Abapkrnl64nuc_7.21
SapNetweaver Abapkrnl64uc_8.04
SapNetweaver Application Server Abap7.21
SapNetweaver Application Server Abap7.21ext
SapNetweaver Application Server Abap7.22
SapNetweaver Application Server Abap7.22ext
SapNetweaver Application Server Abap7.49
SapNetweaver Application Server Abap7.53
SapNetweaver Application Server Abap7.77
SapNetweaver Application Server Abap7.81
SapNetweaver Application Server Abapkernel_8.04
SapNetweaver Application Server Abapkrnl32nuc_7.21
SapNetweaver Application Server Abapkrnl32uc_7.21
SapNetweaver Application Server Abapkrnl64nuc_7.21
SapNetweaver Application Server Abapkrnl64uc_8.04

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-33684?
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.
How severe is CVE-2021-33684?
CVE-2021-33684 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 1.18% probability of exploitation in the next 30 days.
How do I fix CVE-2021-33684?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-33684?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST