CVE-2021-27603: SAP NetWeaver AS for ABAP vulnerability

3 documents, 3 sources

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.4% (top 36.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 13, latest update May 24

Description

An RFC-enabled function module, SPI_WAIT_MILLIS, in SAP NetWeaver AS ABAP versions 731, 740 and 750 allows a caller to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes, thereby causing a denial of service and affecting the availability of the SAP system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: sap/netweaver_application 731, 740, 750 (+2)

Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-7vfx-38v2-mc63: An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length o

CVEList (2021-04-13)
CVE-2021-27603: An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length o
CVE-2021-27603 — MEDIUM severity | cvebase