What is the severity of CVE-2021-21493?

CVE-2021-21493 has a medium severity rating due to its potential to disclose sensitive information.

How do I fix CVE-2021-21493?

To fix CVE-2021-21493, ensure that you apply the latest security updates provided by SAP for the 3D Visual Enterprise Viewer.

What types of systems are affected by CVE-2021-21493?

CVE-2021-21493 affects installations of SAP 3D Visual Enterprise Viewer version 9.

What are the potential impacts of CVE-2021-21493?

The potential impacts of CVE-2021-21493 include unauthorized information disclosure if exploited successfully.

Does CVE-2021-21493 require user interaction to be exploited?

Yes, user interaction is required for CVE-2021-21493, as the target must visit a malicious page or open a malicious file.

Vulnerability/
CVE-2021-21493

high

7.8

CWE

9/3/2021

3/8/2024

25/2/2025

CVE-2021-21493: SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability

First published: Tue Mar 09 2021(Updated: )

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP 3D Visual Enterprise Viewer	=9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-21493?
CVE-2021-21493 has a medium severity rating due to its potential to disclose sensitive information.
How do I fix CVE-2021-21493?
To fix CVE-2021-21493, ensure that you apply the latest security updates provided by SAP for the 3D Visual Enterprise Viewer.
What types of systems are affected by CVE-2021-21493?
CVE-2021-21493 affects installations of SAP 3D Visual Enterprise Viewer version 9.
What are the potential impacts of CVE-2021-21493?
The potential impacts of CVE-2021-21493 include unauthorized information disclosure if exploited successfully.
Does CVE-2021-21493 require user interaction to be exploited?
Yes, user interaction is required for CVE-2021-21493, as the target must visit a malicious page or open a malicious file.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/last-modified-date
agent/references
agent/first-publish-date
agent/description
agent/author
agent/title
agent/softwarecombine
agent/event
agent/trending
agent/source
agent/tags
collector/zdi-advisory
source/ZDI
alias/ZDI-21-307
alias/ZDI-CAN-12172
alias/CVE-2021-21493
agent/software-canonical-lookup
agent/software-canonical-lookup-request
alias/ZDI-21-290
alias/ZDI-CAN-12097
alias/ZDI-21-300
alias/ZDI-CAN-12317
alias/ZDI-21-308
alias/ZDI-CAN-12173
alias/ZDI-21-293
alias/ZDI-CAN-12175
alias/ZDI-21-296
alias/ZDI-CAN-12225
alias/ZDI-21-295
alias/ZDI-CAN-12224
alias/ZDI-21-309
alias/ZDI-CAN-12174
alias/ZDI-21-303
alias/ZDI-CAN-12320
alias/ZDI-21-289
alias/ZDI-CAN-12092
alias/ZDI-21-291
alias/ZDI-CAN-12098
alias/ZDI-21-301
alias/ZDI-CAN-12318
alias/ZDI-21-302
alias/ZDI-CAN-12319
alias/ZDI-21-297
alias/ZDI-CAN-12171
alias/ZDI-21-305
alias/ZDI-CAN-12322
collector/nvd-index
alias/ZDI-21-304
alias/ZDI-CAN-12321
vendor/sap
canonical/sap 3d visual enterprise viewer
version/sap 3d visual enterprise viewer/9