CVE-2021-21463

8.8 HIGH

📋 TL;DR

CVE-2021-21463 is a vulnerability in SAP 3D Visual Enterprise Viewer version 9 that allows attackers to crash the application by tricking users into opening malicious PCX files. This improper input validation flaw causes denial of service, requiring application restart. Users of SAP 3D Visual Enterprise Viewer version 9 are affected.

💻 Affected Systems

Products:
  • SAP 3D Visual Enterprise Viewer
Versions: Version 9
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 9 are vulnerable when processing PCX files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Application crashes and becomes unavailable until manually restarted, disrupting business workflows that depend on 3D visualization capabilities.

🟠 Likely Case: Users opening malicious PCX files experience application crashes, requiring restart and potentially losing unsaved work.

🟢 If Mitigated: With proper controls, users avoid opening untrusted PCX files, preventing exploitation and maintaining application availability.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction: the victim must open a malicious PCX file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Note 3002617

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3002617

Restart Required: Yes

Instructions:

1. Download the patch from SAP Note 3002617.
2. Apply the patch to the SAP 3D Visual Enterprise Viewer installation.
3. Restart the application.

🔧 Temporary Workarounds

  • Block PCX file extensions (applies to: all platforms): Prevent opening of PCX files through application or system configuration.
  • User awareness training (applies to: all platforms): Train users not to open PCX files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of malicious files
  • Use email/web gateways to block PCX attachments from untrusted sources
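A gateway rule that blocks PCX only by the .pcx extension misses the same content carried under a renamed file. The check below, an added example that is not part of this advisory or of any SAP product, identifies PCX content by the fixed fields of the ZSoft PCX header (manufacturer byte 0x0A, version, RLE encoding flag, bits per pixel, window coordinates) and blocks on either signal; the function names and the sample bytes are constructed for illustration.

```python
import struct

PCX_MAGIC = 0x0A               # ZSoft manufacturer byte, first byte of every PCX file
PCX_VERSIONS = {0, 2, 3, 4, 5}  # version values defined by the ZSoft format
PCX_BPP = {1, 2, 4, 8}          # valid bits-per-pixel-per-plane values
PCX_HEADER_LEN = 128            # the PCX header is always 128 bytes


def is_pcx(data: bytes) -> bool:
    """Return True if `data` starts with a structurally valid PCX header.

    Content-based check: it does not look at the filename at all, so a
    gateway rule built on it also catches PCX data under another extension.
    """
    if len(data) < PCX_HEADER_LEN:
        return False
    manufacturer, version, encoding, bpp = data[0], data[1], data[2], data[3]
    if manufacturer != PCX_MAGIC or version not in PCX_VERSIONS:
        return False
    if encoding != 1 or bpp not in PCX_BPP:  # 1 = RLE, the only defined encoding
        return False
    # Image window: Xmin, Ymin, Xmax, Ymax as little-endian 16-bit values
    xmin, ymin, xmax, ymax = struct.unpack_from("<4H", data, 4)
    return xmax >= xmin and ymax >= ymin


def should_block(filename: str, data: bytes) -> bool:
    """Hypothetical gateway policy: block if the extension OR the content says PCX."""
    return filename.lower().endswith(".pcx") or is_pcx(data)


def make_sample_pcx(width: int = 8, height: int = 8) -> bytes:
    """Build a constructed, minimal 8-bit PCX header (header only, no pixel data)."""
    header = bytearray(PCX_HEADER_LEN)
    header[0:4] = bytes([PCX_MAGIC, 5, 1, 8])   # manufacturer, version 3.0, RLE, 8 bpp
    struct.pack_into("<4H", header, 4, 0, 0, width - 1, height - 1)
    struct.pack_into("<2H", header, 12, 72, 72)  # horizontal / vertical DPI
    header[65] = 1                               # number of colour planes
    struct.pack_into("<H", header, 66, width)    # bytes per scanline per plane
    return bytes(header)
```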

🔍 How to Verify

Check if Vulnerable:

Check if SAP 3D Visual Enterprise Viewer version 9 is installed without SAP Note 3002617 applied

Check Version:

Check application About dialog or installation directory for version information

Verify Fix Applied:

Verify SAP Note 3002617 is applied and application version shows patched status

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs related to PCX file processing
  • Error messages mentioning memory access violations

Network Indicators:

  • PCX file downloads from untrusted sources

SIEM Query:

Application: 'SAP 3D Visual Enterprise Viewer' AND Event: 'Crash' AND File: '*.pcx'
