Published: 09/06/2021 Updated: 31/10/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap netweaver as abap krnl32nuc_7.22
sap netweaver as abap krnl32nuc_7.22ext
sap netweaver as abap krnl64nuc_7.22
sap netweaver as abap krnl64nuc_7.22ext
sap netweaver as abap krnl64nuc_7.49
sap netweaver as abap krnl64uc_8.04
sap netweaver as abap kernel_7.22
sap netweaver as abap kernel_7.49
sap netweaver as abap kernel_8.04
sap netweaver as abap krnl64uc_7.22
sap netweaver as abap krnl64uc_7.22ext
sap netweaver as abap krnl64uc_7.49
sap netweaver as abap krnl64uc_7.53
sap netweaver as abap krnl64uc_7.73
sap netweaver as abap kernel_7.53
sap netweaver as abap kernel_7.73
sap netweaver as abap kernel_7.77
sap netweaver as abap kernel_7.81
sap netweaver as abap kernel_7.82
sap netweaver as abap kernel_7.83
sap netweaver as abap krnl32uc_7.22
sap netweaver as abap krnl32uc_7.22ext

CWE-476 https://launchpad.support.sap.com/#/notes/3021197 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 https://nvd.nist.gov

CVE-2021-27607

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect