CVE-2021-27626

MEDIUM

SAP Internet Graphics Service <=7.81 - Unauthenticated DoS via Malicious IGS Request

Title source: llm

Description

SAP Internet Graphics Service, versions 7.20, 7.20EXT, 7.53, 7.20_EX2 and 7.81, allows an unauthenticated attacker who has retrieved an existing system state value to submit a malicious IGS request over a network. Due to insufficient input validation in the method CMiniXMLParser::Parse(), the request triggers an internal memory corruption error that crashes the system and renders it unavailable. In this attack, no data in the system can be viewed or modified.

References (2)

Core References
Permissions Required, Vendor Advisory
https://launchpad.support.sap.com/#/notes/3021050

Scores

CVSS v3 5.9
EPSS 0.0051
EPSS Percentile 66.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-787
Status published
Products (5)
sap/netweaver_as_internet_graphics_server 7.20
sap/netweaver_as_internet_graphics_server 7.20ex2
sap/netweaver_as_internet_graphics_server 7.20ext
sap/netweaver_as_internet_graphics_server 7.53
sap/netweaver_as_internet_graphics_server 7.81
Published Jun 09, 2021
Tracked Since Feb 18, 2026