What is the vulnerability ID of this SAP NetWeaver AS ABAP vulnerability?

The vulnerability ID is CVE-2021-33663.

What is the severity level of CVE-2021-33663?

CVE-2021-33663 has a severity level of medium.

What is the impact of CVE-2021-33663?

CVE-2021-33663 allows an unauthorized attacker to insert cleartext commands due to improper restrictions on commands that can be executed, which can lead to various security issues.

Where can I find more information about CVE-2021-33663?

You can find more information about CVE-2021-33663 in the SAP Launchpad and SAP Community Network.

Vulnerability/
CVE-2021-33663

medium

5.8

9/6/2021

5/10/2022

CVE-2021-33663

First published: Wed Jun 09 2021(Updated: )

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP NetWeaver Application Server ABAP	=kernel_7.22
SAP NetWeaver Application Server ABAP	=kernel_7.49
SAP NetWeaver Application Server ABAP	=kernel_7.53
SAP NetWeaver Application Server ABAP	=kernel_7.73
SAP NetWeaver Application Server ABAP	=kernel_7.77
SAP NetWeaver Application Server ABAP	=kernel_7.81
SAP NetWeaver Application Server ABAP	=kernel_7.82
SAP NetWeaver Application Server ABAP	=kernel_7.83
SAP NetWeaver Application Server ABAP	=kernel_7.84
SAP NetWeaver Application Server ABAP	=kernel_8.04
SAP NetWeaver Application Server ABAP	=krnl32nuc_7.22
SAP NetWeaver Application Server ABAP	=krnl32nuc_7.22ext
SAP NetWeaver Application Server ABAP	=krnl32uc_7.22
SAP NetWeaver Application Server ABAP	=krnl32uc_7.22ext
SAP NetWeaver Application Server ABAP	=krnl64nuc_7.22
SAP NetWeaver Application Server ABAP	=krnl64nuc_7.22ext
SAP NetWeaver Application Server ABAP	=krnl64nuc_7.49
SAP NetWeaver Application Server ABAP	=krnl64uc_7.22
SAP NetWeaver Application Server ABAP	=krnl64uc_7.22ext
SAP NetWeaver Application Server ABAP	=krnl64uc_7.49
SAP NetWeaver Application Server ABAP	=krnl64uc_7.53
SAP NetWeaver Application Server ABAP	=krnl64uc_7.73
SAP NetWeaver Application Server ABAP	=krnl64uc_8.04

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this SAP NetWeaver AS ABAP vulnerability?
The vulnerability ID is CVE-2021-33663.
What is the severity level of CVE-2021-33663?
CVE-2021-33663 has a severity level of medium.
Which versions of SAP NetWeaver AS ABAP are affected by CVE-2021-33663?
Versions KRNL32NUC 7.22 and 7.22EXT, KRNL32UC 7.22 and 7.22EXT, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, and 7.84 are affected by CVE-2021-33663.
What is the impact of CVE-2021-33663?
CVE-2021-33663 allows an unauthorized attacker to insert cleartext commands due to improper restrictions on commands that can be executed, which can lead to various security issues.
Where can I find more information about CVE-2021-33663?
You can find more information about CVE-2021-33663 in the SAP Launchpad and SAP Community Network.

collector/nvd-index
agent/references
agent/severity
agent/author
agent/type
agent/tags
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
vendor/sap
canonical/sap netweaver application server abap
version/sap netweaver application server abap/kernel_7.22
version/sap netweaver application server abap/kernel_7.49
version/sap netweaver application server abap/kernel_7.53
version/sap netweaver application server abap/kernel_7.73
version/sap netweaver application server abap/kernel_7.77
version/sap netweaver application server abap/kernel_7.81
version/sap netweaver application server abap/kernel_7.82
version/sap netweaver application server abap/kernel_7.83
version/sap netweaver application server abap/kernel_7.84
version/sap netweaver application server abap/kernel_8.04
version/sap netweaver application server abap/krnl32nuc_7.22
version/sap netweaver application server abap/krnl32nuc_7.22ext
version/sap netweaver application server abap/krnl32uc_7.22
version/sap netweaver application server abap/krnl32uc_7.22ext
version/sap netweaver application server abap/krnl64nuc_7.22
version/sap netweaver application server abap/krnl64nuc_7.22ext
version/sap netweaver application server abap/krnl64nuc_7.49
version/sap netweaver application server abap/krnl64uc_7.22
version/sap netweaver application server abap/krnl64uc_7.22ext
version/sap netweaver application server abap/krnl64uc_7.49
version/sap netweaver application server abap/krnl64uc_7.53
version/sap netweaver application server abap/krnl64uc_7.73
version/sap netweaver application server abap/krnl64uc_8.04

CVE-2021-33663

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this SAP NetWeaver AS ABAP vulnerability?

What is the severity level of CVE-2021-33663?

Which versions of SAP NetWeaver AS ABAP are affected by CVE-2021-33663?

What is the impact of CVE-2021-33663?

Where can I find more information about CVE-2021-33663?

Company

Resources

Contact