Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-27603

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.

Published

2021-04-13T19:15:15.397

Last Modified

2024-11-21T05:58:16.687

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	netweaver_application_server_abap	731	Yes
Application	sap	netweaver_application_server_abap	740	Yes
Application	sap	netweaver_application_server_abap	750	Yes

References

https://launchpad.support.sap.com/#/notes/3028729 Permissions Required ([email protected])
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/3028729 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)