CVE-2021-27603
Summary
| CVE | CVE-2021-27603 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-13 19:15:00 UTC |
| Updated | 2022-10-05 14:16:00 UTC |
| Description | An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Netweaver Application Server Abap | 731 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 740 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 750 | All | All | All |
| Application | Sap | Netweaver As Abap | 731 | All | All | All |
| Application | Sap | Netweaver As Abap | 740 | All | All | All |
| Application | Sap | Netweaver As Abap | 750 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | |
| SAP Security Patch Day – April 2021 - Product Security Response at SAP - Community Wiki | MISC | wiki.scn.sap.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 87455 SAP NetWeaver AS ABAP Denial of Service (DoS) Vulnerability