CVE-2021-27633

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Published: Jun 9, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-27633
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
sap / netweaver_abap	krnl32nuc_7.22	krnl32nuc_7.22.x
sap / netweaver_abap	krnl32nuc_7.22ext	krnl32nuc_7.22ext.x
sap / netweaver_abap	krnl64nuc_7.22	krnl64nuc_7.22.x
sap / netweaver_abap	krnl64nuc_7.22ext	krnl64nuc_7.22ext.x
sap / netweaver_abap	krnl64nuc_7.49	krnl64nuc_7.49.x
sap / netweaver_abap	krnl64uc_8.04	krnl64uc_8.04.x
sap / netweaver_abap	kernel_7.22	kernel_7.22.x
sap / netweaver_abap	kernel_7.49	kernel_7.49.x
sap / netweaver_abap	kernel_8.04	kernel_8.04.x
sap / netweaver_abap	krnl64uc_7.22	krnl64uc_7.22.x
sap / netweaver_abap	krnl64uc_7.22ext	krnl64uc_7.22ext.x
sap / netweaver_abap	krnl64uc_7.49	krnl64uc_7.49.x
sap / netweaver_abap	krnl64uc_7.53	krnl64uc_7.53.x
sap / netweaver_abap	krnl64uc_7.73	krnl64uc_7.73.x
sap / netweaver_abap	kernel_7.53	kernel_7.53.x
sap / netweaver_abap	kernel_7.73	kernel_7.73.x

Vulnerability Database

290,206

CVE-2021-27633