CVE-2021-33663 | ByteOS Network

Vulnerability Details :

CVE-2021-33663

Assigner-sap

Assigner Org ID-e4686d1a-f260-4930-ac4c-2f5c992778dd

Published At-09 Jun, 2021 | 13:33

Updated At-03 Aug, 2024 | 23:58

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:sap

Assigner Org ID:e4686d1a-f260-4930-ac4c-2f5c992778dd

Published At:09 Jun, 2021 | 13:33

Updated At:03 Aug, 2024 | 23:58

▼CVE Numbering Authority (CNA)

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application.

Affected Products

Vendor

Product

SAP NetWeaver AS ABAP

Versions

Affected

< KRNL32NUC - 7.22
< 7.22EXT
< KRNL32UC - 7.22
< KRNL64NUC - 7.22
< 7.49
< KRNL64UC - 8.04
< 7.22
< 7.53
< 7.73
< KERNEL - 7.22
< 8.04
< 7.77
< 7.81
< 7.82
< 7.83
< 7.84

Problem Types

Type	CWE ID	Description
text	N/A	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Type: text

CWE ID: N/A

Description: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Metrics

Version	Base score	Base severity	Vector
3.0	5.8	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Version: 3.0

Base score: 5.8

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

References

Hyperlink	Resource
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999	x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3030604	x_refsource_MISC

Hyperlink: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

Resource:

x_refsource_MISC

Hyperlink: https://launchpad.support.sap.com/#/notes/3030604

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999	x_refsource_MISC x_transferred
https://launchpad.support.sap.com/#/notes/3030604	x_refsource_MISC x_transferred

Hyperlink: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://launchpad.support.sap.com/#/notes/3030604

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

Source:cna@sap.com

Published At:09 Jun, 2021 | 14:15

Updated At:05 Oct, 2022 | 14:16

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Secondary	3.0	5.8	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 3.0

Base score: 5.8

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:P/A:N

CPE Matches

>>netweaver_application_server_abap>>kernel_7.22

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>kernel_7.49

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.49:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>kernel_7.53

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>kernel_7.73

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.73:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>kernel_7.77

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>kernel_7.81

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.81:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>kernel_7.82

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.82:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>kernel_7.83

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.83:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>kernel_7.84

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.84:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>kernel_8.04

cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl32nuc_7.22

cpe:2.3:a:sap:netweaver_application_server_abap:krnl32nuc_7.22:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl32nuc_7.22ext

cpe:2.3:a:sap:netweaver_application_server_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl32uc_7.22

cpe:2.3:a:sap:netweaver_application_server_abap:krnl32uc_7.22:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl32uc_7.22ext

cpe:2.3:a:sap:netweaver_application_server_abap:krnl32uc_7.22ext:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl64nuc_7.22

cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl64nuc_7.22ext

cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl64nuc_7.49

cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.49:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl64uc_7.22

cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl64uc_7.22ext

cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl64uc_7.49

cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.49:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl64uc_7.53

cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.53:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl64uc_7.73

cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.73:*:*:*:*:*:*:*

>>netweaver_application_server_abap>>krnl64uc_8.04

cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://launchpad.support.sap.com/#/notes/3030604	cna@sap.com	Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999	cna@sap.com	Vendor Advisory

Hyperlink: https://launchpad.support.sap.com/#/notes/3030604

Source: cna@sap.com

Resource:

Permissions Required

Vendor Advisory

Hyperlink: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

Source: cna@sap.com

Resource:

Vendor Advisory