← back
CVE-2021-27603

CVE-2021-27603

CVSS 6.5 MEDIUMEPSS 0.9%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Apr 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
SAP SE · SAP NetWeaver AS for ABAP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/3028729https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649