Vulnerability CVE-2021-21458


Published: 2021-01-12

Description:
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SAP -> 3d visual enterprise viewer 

 References:
https://i7p.wdf.sap.corp/sap/support/notes/3002617
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
https://www.zerodayinitiative.com/advisories/ZDI-21-004/

Copyright 2021, cxsecurity.com

 

Back to Top