CVE-2021-27603 Information

Jun 07, 2022 cve

Description

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP versions - 731 740 750 allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 https://launchpad.support.sap.com/#/notes/3028729

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5

Share on: