CVE-2021-27622

Name of the Vulnerable Software and Affected Versions SAP Internet Graphics Service versions 7.20, 7.20EXT, 7.53, 7.20 EX2, 7.81

Description The issue allows an unauthenticated attacker to submit a malicious request over a network after retrieving an existing system state value. This is due to insufficient input validation in the CDrawRaster::LoadImageFromMemory() method, which triggers an internal memory corruption error, causing the system to crash and become unavailable. No data in the system can be viewed or modified during this attack.

Recommendations For SAP Internet Graphics Service versions 7.20, 7.20EXT, 7.53, 7.20 EX2, 7.81, consider disabling the CDrawRaster::LoadImageFromMemory() method until a patch is available to prevent exploitation. Restrict access to the SAP Internet Graphics Service to minimize the risk of the system becoming unavailable due to the attack. At the moment, there is no information about a newer version that contains a fix for this issue.