CVE-2021-27634 is a vulnerability in SAP Netweaver Abap
Published on June 9, 2021

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

NVD

Weakness Type

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2021-27634 has been classified to as a Memory Corruption vulnerability or weakness.

Products Associated with CVE-2021-27634

Want to know whenever a new CVE is published for SAP Netweaver Abap? stack.watch will email you.

SAP Netweaver Abap

Affected Versions

SAP SE SAP NetWeaver AS for ABAP (RFC Gateway):

Version < KRNL32NUC - 7.22 is affected.
Version < 7.22EXT is affected.
Version < KRNL64NUC - 7.22 is affected.
Version < 7.49 is affected.
Version < KRNL64UC - 8.04 is affected.
Version < 7.22 is affected.
Version < 7.53 is affected.
Version < 7.73 is affected.
Version < KERNEL - 7.22 is affected.
Version < 8.04 is affected.
Version < 7.77 is affected.
Version < 7.81 is affected.
Version < 7.82 is affected.
Version < 7.83 is affected.

Exploit Probability

EPSS

0.21%

Percentile

43.45%