CVE-2021-27633: Input Validation
First published: Wed Jun 09 2021(Updated: )
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver ABAP | =kernel_7.22 | |
| SAP NetWeaver ABAP | =kernel_7.49 | |
| SAP NetWeaver ABAP | =kernel_7.53 | |
| SAP NetWeaver ABAP | =kernel_7.73 | |
| SAP NetWeaver ABAP | =kernel_8.04 | |
| SAP NetWeaver ABAP | =krnl32nuc_7.22 | |
| SAP NetWeaver ABAP | =krnl32nuc_7.22ext | |
| SAP NetWeaver ABAP | =krnl64nuc_7.22 | |
| SAP NetWeaver ABAP | =krnl64nuc_7.22ext | |
| SAP NetWeaver ABAP | =krnl64nuc_7.49 | |
| SAP NetWeaver ABAP | =krnl64uc_7.22 | |
| SAP NetWeaver ABAP | =krnl64uc_7.22ext | |
| SAP NetWeaver ABAP | =krnl64uc_7.49 | |
| SAP NetWeaver ABAP | =krnl64uc_7.53 | |
| SAP NetWeaver ABAP | =krnl64uc_7.73 | |
| SAP NetWeaver ABAP | =krnl64uc_8.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-27633?
CVE-2021-27633 is a vulnerability in SAP NetWeaver AS for ABAP (RFC Gateway) that allows an unauthenticated attacker to send a specific request to execute a command without specific knowledge of the system.
What software versions are affected by CVE-2021-27633?
CVE-2021-27633 affects SAP NetWeaver AS for ABAP (RFC Gateway) versions KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83.
What is the severity of CVE-2021-27633?
CVE-2021-27633 has a severity rating of high (7.5).
How can I fix CVE-2021-27633?
To fix CVE-2021-27633, apply the necessary patches and updates provided by SAP, and follow the recommendations outlined in the SAP Security Note 3020209.
Where can I find more information about CVE-2021-27633?
You can find more information about CVE-2021-27633 in the SAP Security Note 3020209 and the SAP Community Wiki page.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap netweaver abap
- version/sap netweaver abap/kernel_7.22
- version/sap netweaver abap/kernel_7.49
- version/sap netweaver abap/kernel_7.53
- version/sap netweaver abap/kernel_7.73
- version/sap netweaver abap/kernel_8.04
- version/sap netweaver abap/krnl32nuc_7.22
- version/sap netweaver abap/krnl32nuc_7.22ext
- version/sap netweaver abap/krnl64nuc_7.22
- version/sap netweaver abap/krnl64nuc_7.22ext
- version/sap netweaver abap/krnl64nuc_7.49
- version/sap netweaver abap/krnl64uc_7.22
- version/sap netweaver abap/krnl64uc_7.22ext
- version/sap netweaver abap/krnl64uc_7.49
- version/sap netweaver abap/krnl64uc_7.53
- version/sap netweaver abap/krnl64uc_7.73
- version/sap netweaver abap/krnl64uc_8.04