sap netweaver_as_internet_graphics_server 输入验证不恰当

admin

0
文章

0
评论

2023-12-01 14:15:29 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

sap netweaver_as_internet_graphics_server 输入验证不恰当

CVE编号

CVE-2021-27623

利用情况

暂无

补丁情况

N/A

披露时间

2021-06-09

漏洞描述

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckLength() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://launchpad.support.sap.com/
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	sap	netweaver_as_internet_graphics_server	7.20	-
	运行在以下环境
	应用	sap	netweaver_as_internet_graphics_server	7.20ex2	-
	运行在以下环境
	应用	sap	netweaver_as_internet_graphics_server	7.20ext	-
	运行在以下环境
	应用	sap	netweaver_as_internet_graphics_server	7.53	-
	运行在以下环境
	应用	sap	netweaver_as_internet_graphics_server	7.81	-