CVE-2021-38174
6.5 MEDIUMWhen a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crash...
Published: 2021-09-14 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 6.5 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
| Vendor | Product |
|---|---|
| sap | 3d_visual_enterprise_viewer |
Description
When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-38174
- [Other]https://launchpad.support.sap.com/#/notes/3087791
- [Vendor advisory]https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
- [Other]https://launchpad.support.sap.com/#/notes/3087791
- [Vendor advisory]https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
Related CVEs
Same vendor
- CVE-2026-27680 — Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascad... (3.1 LOW)
- CVE-2026-40135 — An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authentica... (6.5 MEDIUM)
- CVE-2026-27682 — Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Serv... (4.7 MEDIUM)
- CVE-2026-34257 — Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL tha... (6.1 MEDIUM)
- CVE-2026-27674 — Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could suppl... (6.1 MEDIUM)