The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3012021 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2021-05-11T14:19:33
Updated: 2021-05-11T14:19:33
Reserved: 2021-02-23T00:00:00
Link: CVE-2021-27617
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-11T15:15:08.410
Modified: 2022-06-28T14:11:45.273
Link: CVE-2021-27617
JSON object: View
Redhat Information
No data.
CWE