Vulnerability in SAP NetWeaver ABAP Server and ABAP Platform
CVE-2021-27631

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver Abap Server And Abap Platform (enqueue Server)
Vendor: CVE Published:; 9 June 2021

Summary

A vulnerability exists in the SAP NetWeaver ABAP Server and ABAP Platform that allows unauthenticated attackers to send specially crafted packets over a network, leading to an internal error and a system crash. This issue arises from improper input validation within the EnqConvUniToSrvReq() method, resulting in service unavailability without allowing any data modification or access.

Affected Version(s)

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) < KRNL32NUC - 7.22 < KRNL32NUC - 7.22

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) < 7.22EXT < 7.22EXT

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) < KRNL64NUC - 7.22 < KRNL64NUC - 7.22

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

https://launchpad.support.sap.com/#/notes/3020104

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
Feb 23, 2021