CVE-2021-27603
Last modified
CVE-2021-27603 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.. EPSS estimates a 0.86% chance of exploitation in the next 30 days.
Description
An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Application Server Abap | 731 |
| Sap | Netweaver Application Server Abap | 740 |
| Sap | Netweaver Application Server Abap | 750 |
References
- https://launchpad.support.sap.com/#/notes/3028729Permissions Required
- https://launchpad.support.sap.com/#/notes/3028729Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-27603?
How severe is CVE-2021-27603?
How do I fix CVE-2021-27603?
Are you affected by CVE-2021-27603?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST