CVE-2021-33684
First published: Wed Jul 14 2021(Updated: )
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver ABAP | =7.21 | |
| SAP NetWeaver ABAP | =7.21ext | |
| SAP NetWeaver ABAP | =7.22 | |
| SAP NetWeaver ABAP | =7.22ext | |
| SAP NetWeaver ABAP | =7.49 | |
| SAP NetWeaver ABAP | =7.53 | |
| SAP NetWeaver ABAP | =7.77 | |
| SAP NetWeaver ABAP | =7.81 | |
| SAP NetWeaver ABAP | =kernel_8.04 | |
| SAP NetWeaver ABAP | =krnl32nuc_7.21 | |
| SAP NetWeaver ABAP | =krnl32uc_7.21 | |
| SAP NetWeaver ABAP | =krnl64nuc_7.21 | |
| SAP NetWeaver ABAP | =krnl64uc_8.04 | |
| SAP NetWeaver Application Server ABAP | =7.21 | |
| SAP NetWeaver Application Server ABAP | =7.21ext | |
| SAP NetWeaver Application Server ABAP | =7.22 | |
| SAP NetWeaver Application Server ABAP | =7.22ext | |
| SAP NetWeaver Application Server ABAP | =7.49 | |
| SAP NetWeaver Application Server ABAP | =7.53 | |
| SAP NetWeaver Application Server ABAP | =7.77 | |
| SAP NetWeaver Application Server ABAP | =7.81 | |
| SAP NetWeaver Application Server ABAP | =kernel_8.04 | |
| SAP NetWeaver Application Server ABAP | =krnl32nuc_7.21 | |
| SAP NetWeaver Application Server ABAP | =krnl32uc_7.21 | |
| SAP NetWeaver Application Server ABAP | =krnl64nuc_7.21 | |
| SAP NetWeaver Application Server ABAP | =krnl64uc_8.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-33684?
The severity of CVE-2021-33684 is medium (5.3).
What software versions are affected by CVE-2021-33684?
SAP NetWeaver AS ABAP and ABAP Platform versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, and 7.81.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-33684?
The Common Weakness Enumeration (CWE) ID for CVE-2021-33684 is 787.
Where can I find more information about CVE-2021-33684?
You can find more information about CVE-2021-33684 on the following references: [Reference 1](https://launchpad.support.sap.com/#/notes/3032624) and [Reference 2](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506).
How do I mitigate the vulnerability in SAP NetWeaver AS ABAP and ABAP Platform?
To mitigate the vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, apply the relevant patches provided by SAP and follow the recommended security measures outlined in the SAP security advisory.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap netweaver abap
- version/sap netweaver abap/7.21
- version/sap netweaver abap/7.21ext
- version/sap netweaver abap/7.22
- version/sap netweaver abap/7.22ext
- version/sap netweaver abap/7.49
- version/sap netweaver abap/7.53
- version/sap netweaver abap/7.77
- version/sap netweaver abap/7.81
- version/sap netweaver abap/kernel_8.04
- version/sap netweaver abap/krnl32nuc_7.21
- version/sap netweaver abap/krnl32uc_7.21
- version/sap netweaver abap/krnl64nuc_7.21
- version/sap netweaver abap/krnl64uc_8.04
- canonical/sap netweaver application server abap
- version/sap netweaver application server abap/7.21
- version/sap netweaver application server abap/7.21ext
- version/sap netweaver application server abap/7.22
- version/sap netweaver application server abap/7.22ext
- version/sap netweaver application server abap/7.49
- version/sap netweaver application server abap/7.53
- version/sap netweaver application server abap/7.77
- version/sap netweaver application server abap/7.81
- version/sap netweaver application server abap/kernel_8.04
- version/sap netweaver application server abap/krnl32nuc_7.21
- version/sap netweaver application server abap/krnl32uc_7.21
- version/sap netweaver application server abap/krnl64nuc_7.21
- version/sap netweaver application server abap/krnl64uc_8.04