Vulnerabilities > CVE-2021-27603 - Unspecified vulnerability in SAP Netweaver Application Server Abap 731/740/750

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

sap

NVD

Published: 2021-04-13

Updated: 2022-10-05

Summary

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver Application Server Abap 750 SAP Netweaver Application Server Abap 731 SAP Netweaver Application Server Abap 740	3

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
https://launchpad.support.sap.com/#/notes/3028729