Memory Corruption Vulnerability in SAP Internet Graphics Service
CVE-2021-27626
5.9MEDIUM
What is CVE-2021-27626?
SAP Internet Graphics Service allows unauthenticated attackers to exploit insufficient input validation in the CMiniXMLParser::Parse() method. By submitting a malicious IGS request after retrieving an existing system state value, attackers can trigger an internal memory corruption error. This flaw can lead to system crashes, making the service unavailable, while preventing data from being viewed or modified. Organizations using SAP Internet Graphics Service should implement patches to safeguard against this vulnerability.
Affected Version(s)
SAP Internet Graphics Service < 7.20 < 7.20
SAP Internet Graphics Service < 7.20EXT < 7.20EXT
SAP Internet Graphics Service < 7.53 < 7.53