Description
SAP Internet Graphics Service, versions 7.20, 7.20EXT, 7.53, 7.20_EX2 and 7.81, allows an unauthenticated attacker who has retrieved an existing system state value to submit a malicious IGS request over a network. Due to insufficient input validation in the method CiXMLIStreamRawBuffer::readRaw(), the request triggers an internal memory corruption error that crashes the system and renders it unavailable. In this attack, no data in the system can be viewed or modified.
Related CPEs
a · sap · netweaver_as_internet_graphics_server
References
https://launchpad.support.sap.com/#/notes/3021050
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999
CVSS impact metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.9 · Medium
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-06-09T14:15:08.590
Last modified
2022-10-31T14:47:01.647