CVE-2021-27631 is a vulnerability in SAP Netweaver As Abap
Published on June 9, 2021
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2021-27631
Want to know whenever a new CVE is published for SAP Netweaver As Abap? stack.watch will email you.
Affected Versions
SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server):- Version < KRNL32NUC - 7.22 is affected.
- Version < 7.22EXT is affected.
- Version < KRNL64NUC - 7.22 is affected.
- Version < 7.49 is affected.
- Version < KRNL64UC - 8.04 is affected.
- Version < 7.22 is affected.
- Version < 7.53 is affected.
- Version < 7.73 is affected.
- Version < KERNEL - 7.22 is affected.
- Version < 8.04 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.