What is the vulnerability ID of this SAP NetWeaver ABAP Server vulnerability?

The vulnerability ID is CVE-2021-27629.

What is the severity of CVE-2021-27629?

The severity of CVE-2021-27629 is high with a severity value of 7.5.

Are there any references for further information about CVE-2021-27629?

Yes, you can find more information about CVE-2021-27629 at the following references: [Reference 1](https://launchpad.support.sap.com/#/notes/3020104), [Reference 2](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999).

Vulnerability/
CVE-2021-27629

high

7.5

CWE

125 20

9/6/2021

3/8/2024

CVE-2021-27629: Input Validation

First published: Wed Jun 09 2021(Updated: )

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP NetWeaver AS ABAP	=kernel_7.22
SAP NetWeaver AS ABAP	=kernel_7.49
SAP NetWeaver AS ABAP	=kernel_7.53
SAP NetWeaver AS ABAP	=kernel_7.73
SAP NetWeaver AS ABAP	=kernel_7.77
SAP NetWeaver AS ABAP	=kernel_7.81
SAP NetWeaver AS ABAP	=kernel_7.82
SAP NetWeaver AS ABAP	=kernel_7.83
SAP NetWeaver AS ABAP	=kernel_8.04
SAP NetWeaver AS ABAP	=krnl32nuc_7.22
SAP NetWeaver AS ABAP	=krnl32nuc_7.22ext
SAP NetWeaver AS ABAP	=krnl64nuc_7.22
SAP NetWeaver AS ABAP	=krnl64nuc_7.22ext
SAP NetWeaver AS ABAP	=krnl64nuc_7.49
SAP NetWeaver AS ABAP	=krnl64uc_7.22
SAP NetWeaver AS ABAP	=krnl64uc_7.22ext
SAP NetWeaver AS ABAP	=krnl64uc_7.49
SAP NetWeaver AS ABAP	=krnl64uc_7.53
SAP NetWeaver AS ABAP	=krnl64uc_7.73
SAP NetWeaver AS ABAP	=krnl64uc_8.04

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this SAP NetWeaver ABAP Server vulnerability?
The vulnerability ID is CVE-2021-27629.
What is the severity of CVE-2021-27629?
The severity of CVE-2021-27629 is high with a severity value of 7.5.
Which versions of SAP NetWeaver ABAP Server and ABAP Platform are affected by CVE-2021-27629?
SAP NetWeaver ABAP Server and ABAP Platform versions KRNL32NUC 7.22, 7.22EXT, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL 7.22, 8.04, 7.49, 7.53, 7.73 are affected by CVE-2021-27629.
What is the vulnerability description of CVE-2021-27629?
CVE-2021-27629 is a vulnerability in SAP NetWeaver ABAP Server and ABAP Platform that allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted request, potentially leading to unauthorized access or privilege escalation.
Are there any references for further information about CVE-2021-27629?
Yes, you can find more information about CVE-2021-27629 at the following references: [Reference 1](https://launchpad.support.sap.com/#/notes/3020104), [Reference 2](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999).

collector/nvd-index
agent/references
agent/weakness
agent/type
agent/event
agent/severity
agent/author
agent/description
agent/softwarecombine
agent/first-publish-date
agent/tags
agent/last-modified-date
collector/mitre-cve
source/MITRE
vendor/sap
canonical/sap netweaver as abap
version/sap netweaver as abap/kernel_7.22
version/sap netweaver as abap/kernel_7.49
version/sap netweaver as abap/kernel_7.53
version/sap netweaver as abap/kernel_7.73
version/sap netweaver as abap/kernel_7.77
version/sap netweaver as abap/kernel_7.81
version/sap netweaver as abap/kernel_7.82
version/sap netweaver as abap/kernel_7.83
version/sap netweaver as abap/kernel_8.04
version/sap netweaver as abap/krnl32nuc_7.22
version/sap netweaver as abap/krnl32nuc_7.22ext
version/sap netweaver as abap/krnl64nuc_7.22
version/sap netweaver as abap/krnl64nuc_7.22ext
version/sap netweaver as abap/krnl64nuc_7.49
version/sap netweaver as abap/krnl64uc_7.22
version/sap netweaver as abap/krnl64uc_7.22ext
version/sap netweaver as abap/krnl64uc_7.49
version/sap netweaver as abap/krnl64uc_7.53
version/sap netweaver as abap/krnl64uc_7.73
version/sap netweaver as abap/krnl64uc_8.04

CVE-2021-27629: Input Validation

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this SAP NetWeaver ABAP Server vulnerability?

What is the severity of CVE-2021-27629?

Which versions of SAP NetWeaver ABAP Server and ABAP Platform are affected by CVE-2021-27629?

What is the vulnerability description of CVE-2021-27629?

Are there any references for further information about CVE-2021-27629?

Company

Resources

Contact