Severity: 5.9 MEDIUM
EPSS: 0.2% (top 56.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 9; Latest update May 24

Description

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavaila

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: sap_se/sap_netweaver_as_for_abap_(rfc_gateway) < KRNL32NUC - 7.22 (+13)
NVD: sap/netweaver_abap, 16 versions (+15)

Vulnerability Details (2)

GHSA
GHSA-v752-6j86-7g43: SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7 (2022-05-24)
CVEList
CVE-2021-27634: SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7 (2021-06-09)
CVE-2021-27634 (MEDIUM CVSS 5.9) | SAP NetWeaver AS for ABAP (RFC Gate | cvebase.io