ID

VAR-202104-1029


CVE

CVE-2021-27603


TITLE

Vulnerability in SAP NetWeaver AS ABAP

Trust: 0.8

sources: JVNDB: JVNDB-2021-005390

DESCRIPTION

An RFC-enabled function module, SPI_WAIT_MILLIS, in SAP NetWeaver AS ABAP versions 731, 740 and 750 allows a caller to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes, thereby causing a denial of service and affecting the availability of the SAP system. SAP NetWeaver AS ABAP contains an unspecified vulnerability. It may be put into a denial of service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2021-27603 // JVNDB: JVNDB-2021-005390 // VULMON: CVE-2021-27603

AFFECTED PRODUCTS

vendor: sap, model: netweaver as abap, scope: eq, version: 750

Trust: 1.8

vendor: sap, model: netweaver as abap, scope: eq, version: 740

Trust: 1.8

vendor: sap, model: netweaver as abap, scope: eq, version: 731

Trust: 1.8

vendor: sap, model: netweaver as abap, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005390 // NVD: CVE-2021-27603

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-27603
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202104-714
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-27603
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-27603
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2021-27603
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-27603
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-27603 // JVNDB: JVNDB-2021-005390 // CNNVD: CNNVD-202104-714 // NVD: CVE-2021-27603

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-005390 // NVD: CVE-2021-27603

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-714

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-714

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "children": [],
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:731:*:*:*:*:*:*:*",
            "cpe_name": []
          },
          {
            "vulnerable": true,
            "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:740:*:*:*:*:*:*:*",
            "cpe_name": []
          },
          {
            "vulnerable": true,
            "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:*",
            "cpe_name": []
          }
        ]
      }
    ]
  }
]

sources: NVD: CVE-2021-27603

PATCH

title: SAP Security Patch Day - April 2021
url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=573801649

Trust: 0.8

sources: JVNDB: JVNDB-2021-005390

EXTERNAL IDS

db: NVD, id: CVE-2021-27603

Trust: 3.3

db: JVNDB, id: JVNDB-2021-005390

Trust: 0.8

db: CNNVD, id: CNNVD-202104-714

Trust: 0.6

db: VULMON, id: CVE-2021-27603

Trust: 0.1

sources: VULMON: CVE-2021-27603 // JVNDB: JVNDB-2021-005390 // CNNVD: CNNVD-202104-714 // NVD: CVE-2021-27603

REFERENCES

url: https://launchpad.support.sap.com/#/notes/3028729

Trust: 1.7

url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=573801649

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-27603

Trust: 1.4

url: https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-april-2021-35059

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-27603 // JVNDB: JVNDB-2021-005390 // CNNVD: CNNVD-202104-714 // NVD: CVE-2021-27603

SOURCES

db: VULMON, id: CVE-2021-27603
db: JVNDB, id: JVNDB-2021-005390
db: CNNVD, id: CNNVD-202104-714
db: NVD, id: CVE-2021-27603

LAST UPDATE DATE

2022-05-04T09:15:26.320000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-27603, date: 2021-04-19T00:00:00
db: JVNDB, id: JVNDB-2021-005390, date: 2021-12-14T04:42:00
db: CNNVD, id: CNNVD-202104-714, date: 2021-04-20T00:00:00
db: NVD, id: CVE-2021-27603, date: 2021-04-19T18:16:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-27603, date: 2021-04-13T00:00:00
db: JVNDB, id: JVNDB-2021-005390, date: 2021-12-14T00:00:00
db: CNNVD, id: CNNVD-202104-714, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-27603, date: 2021-04-13T19:15:00