CVE-2021-27628

HIGH

SAP NetWeaver ABAP Server and ABAP Platform - DoS

Title source: llm

Description

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory

https://launchpad.support.sap.com/#/notes/3021197

Broken Link, Vendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

Scores

CVSS v3 7.5

EPSS 0.0028

EPSS Percentile 51.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-787

Status published

Products (22)

sap/netweaver_as_abap kernel_7.22

sap/netweaver_as_abap kernel_7.49

sap/netweaver_as_abap kernel_7.53

sap/netweaver_as_abap kernel_7.73

sap/netweaver_as_abap kernel_7.77

sap/netweaver_as_abap kernel_7.81

sap/netweaver_as_abap kernel_7.82

sap/netweaver_as_abap kernel_7.83

sap/netweaver_as_abap kernel_8.04

sap/netweaver_as_abap krnl32nuc_7.22

... and 12 more

Published Jun 09, 2021

Tracked Since Feb 18, 2026