CVE-2021-27617
moderate-risk
Published 2021-05-11
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability.
Do I need to act?
-
0.21% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10
Medium
NETWORK
/ LOW complexity
Affected Products (7)
Affected Vendors
References (4)
Permissions Required
https://launchpad.support.sap.com/#/notes/3012021
Permissions Required
https://launchpad.support.sap.com/#/notes/3012021
35
/ 100
moderate-risk
Severity
20/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
14/34 · Moderate