CVE-2021-27603

Summary

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS for ABAP< 731affected
SAP SESAP NetWeaver AS for ABAP< 740affected
SAP SESAP NetWeaver AS for ABAP< 750affected

Weaknesses

  • Denial of Service

ADP Enrichment

CVE Program Container

Additional References

References