CVE-2021-27624

Name of the Vulnerable Software and Affected Versions SAP Internet Graphics Service versions 7.20, 7.20EXT, 7.53, 7.20 EX2, 7.81

Description The issue allows an unauthenticated attacker to submit a malicious request over a network after retrieving an existing system state value. This is due to insufficient input validation in the CiXMLIStreamRawBuffer::readRaw() method, which triggers an internal memory corruption error, causing the system to crash and become unavailable. In this attack, no data in the system can be viewed or modified.

Recommendations For SAP Internet Graphics Service versions 7.20, 7.20EXT, 7.53, 7.20 EX2, 7.81, consider disabling the CiXMLIStreamRawBuffer::readRaw() method until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.