PT-2021-20241 · Sap · Sap Netweaver As Abap
Published
2021-06-09
·
Updated
2022-10-05
·
CVE-2021-33663
CVSS v3.1
5.8
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
SAP NetWeaver AS ABAP versions 7.22 through 7.84
Description:
The issue allows an unauthorized attacker to insert cleartext commands into encrypted SMTP sessions over the network due to improper restriction of I/O buffering. This can partially impact the integrity of the application.
Recommendations:
For SAP NetWeaver AS ABAP versions 7.22 through 7.84, update to a version that properly restricts I/O buffering in encrypted SMTP sessions to prevent unauthorized insertion of cleartext commands.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sap Netweaver As Abap