CVE-2021-27628 is a vulnerability in SAP Netweaver As Abap
Published on June 9, 2021

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

NVD

Weakness Type

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2021-27628 has been classified to as a Memory Corruption vulnerability or weakness.

Products Associated with CVE-2021-27628

Want to know whenever a new CVE is published for SAP Netweaver As Abap? stack.watch will email you.

SAP Netweaver As Abap

Affected Versions

SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher):

Version < KRNL32NUC - 7.22 is affected.
Version < 7.22EXT is affected.
Version < KRNL32UC - 7.22 is affected.
Version < KRNL64NUC - 7.22 is affected.
Version < 7.49 is affected.
Version < KRNL64UC - 8.04 is affected.
Version < 7.22 is affected.
Version < 7.53 is affected.
Version < 7.73 is affected.
Version < KERNEL - 7.22 is affected.
Version < 8.04 is affected.
Version < 7.77 is affected.
Version < 7.81 is affected.
Version < 7.82 is affected.
Version < 7.83 is affected.

Exploit Probability

EPSS

0.28%

Percentile

50.87%