VDB
CVE-2021-33684
CVE-2021-33684
PUBLISHED
CVSS 5.300000190734863 MEDIUM
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.
EPSS 0.18% · 39.8th percentile
Risk Scores
CVSS 3.0
5.300000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.18%
39.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sap | netweaver_application_server_abap | 7.21, 7.22, 7.22ext |
| SAP SE | SAP NetWeaver AS ABAP and ABAP Platform | *, < 7.21EXT, < 7.22 |
| sap | netweaver_abap | 7.22ext, 7.49, 7.53 |
Exploit Intelligence
Timeline
- Jul 13, 2021 CVE Published
- Jul 15, 2021 EPSS Score
- Sep 13, 2021 EPSS Score
- Nov 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 10, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 9, 2022 EPSS Score
- Jul 8, 2022 EPSS Score
- Sep 6, 2022 EPSS Score
- Nov 5, 2022 EPSS Score