CVE-2021-27617

MEDIUM Year: 2021
CVSS v3 Score
4.9
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability.

Related Vulnerabilities

CVE-2017-11183

MEDIUM
CVSS:4.9(Medium)

front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter.

CWE-202017

CVE-2017-14023

MEDIUM
CVSS:4.9(Medium)

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been id...

CWE-202017

CVE-2017-18453

MEDIUM
CVSS:4.9(Medium)

cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).

CWE-202017

CVE-2017-18464

MEDIUM
CVSS:4.9(Medium)

cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).

CWE-202017

CVE-2017-2254

MEDIUM
CVSS:4.9(Medium)

Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input

CWE-202017

CVE-2017-6690

MEDIUM
CVSS:4.9(Medium)

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or...

CWE-202017