CVE-2021-27603

EPSS 0.51%
Published 13.04.2021 19:15:15
Last modified 21.11.2024 05:58:16
Source cna@sap.com
Teams watchlist Login
Open Login

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.

Affected products Warnungen 0 Metrics 4 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Netweaver Application Server Abap Version731

SAP ≫ Netweaver Application Server Abap Version740

SAP ≫ Netweaver Application Server Abap Version750

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.51%	0.638

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
cna@sap.com	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3028729

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-27603

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27603

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27603

EUVD