CVE-2021-27603
MEDIUMSAP NetWeaver AS ABAP 731, 740, 750 - Denial of Service via SPI_WAIT_MILLIS Function Module
Title source: llmDescription
An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3028729
Scores
CVSS v3
6.5
EPSS
0.0045
EPSS Percentile
63.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (3)
sap/netweaver_application_server_abap
731
sap/netweaver_application_server_abap
740
sap/netweaver_application_server_abap
750
Published
Apr 13, 2021
Tracked Since
Feb 18, 2026