CVE-2021-27603

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.

Published: Apr 13, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-27603
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_abap	750	750.x
sap / netweaver_application_server_abap	731	731.x
sap / netweaver_application_server_abap	740	740.x

https://launchpad.support.sap.com/#/notes/3028729
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

Vulnerability Database

289,784

CVE-2021-27603