CVE-2021-27623

Name of the Vulnerable Software and Affected Versions SAP Internet Graphics Service versions 7.20, 7.20EXT, 7.53, 7.20 EX2, 7.81

Description The issue allows an unauthenticated attacker to submit a malicious request over a network after retrieving an existing system state value. This is due to insufficient input validation in the CXmlUtility::CheckLength() method, which triggers an internal memory corruption error, causing the system to crash and become unavailable. The attack does not allow data in the system to be viewed or modified.

Recommendations For SAP Internet Graphics Service versions 7.20, 7.20EXT, 7.53, 7.20 EX2, 7.81, consider disabling the CXmlUtility::CheckLength() method as a temporary workaround until a patch is available. Restrict access to the network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.