Input Validation Flaw in SAP NetWeaver ABAP Server Allows Network-Based Denial of Service
CVE-2021-27632

7.5 HIGH

Key Information:

Vendor: SAP
CVE Published: 9 June 2021

Summary

The SAP NetWeaver ABAP Server and ABAP Platform contain an improper input validation flaw in the EnqConvUniToSrvReq() method of the Enqueue Server. An unauthenticated attacker can send specially crafted packets over the network to trigger an internal error that crashes the system, causing a denial of service. The flaw affects multiple versions of the ABAP Server. The impact is limited to availability: the system becomes unavailable, and no data can be viewed or modified.

Affected Version(s)

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) < KRNL32NUC - 7.22

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) < 7.22EXT

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) < KRNL64NUC - 7.22

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
