CVE-2021-27629

CWE-125 — Out-of-bounds Read CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGH

EPSS

0.3%

top 48.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Abap Server AND Abap Platform (enqueue Server)SAP Netweaver AS Abap

Timeline

PublishedJun 9

Latest updateMay 24

Description

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unav…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_abap_server_and_abap_platform_(enqueue_server)< KRNL32NUC - 7.22+9

▶NVDsap/netweaver_as_abap20 versions+19

🔴Vulnerability Details

GHSA

GHSA-ghqc-2jjw-x2g3: SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7↗2022-05-24

▶

CVEList

CVE-2021-27629: SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7↗2021-06-09

▶