SAP NetWeaver ABAP Server 7.22 up to 8.04 EncOAMParamStore denial of service


A vulnerability classified as critical was found in SAP NetWeaver ABAP Server 7.22 up to 8.04 (Solution Stack Software). It affects the function EncOAMParamStore. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Field | 06/09/2021 08:52 PM | 06/11/2021 07:38 PM | 06/11/2021 07:45 PM
vendor | SAP | SAP | SAP
name | NetWeaver ABAP Server | NetWeaver ABAP Server | NetWeaver ABAP Server
version | 7.22/7.22EXT/7.49/7.53/7.73/8.04 | 7.22/7.22EXT/7.49/7.53/7.73/8.04 | 7.22/7.22EXT/7.49/7.53/7.73/8.04
function | EncOAMParamStore | EncOAMParamStore | EncOAMParamStore
cwe | 404 (denial of service) | 404 (denial of service) | 404 (denial of service)
risk | 1 | 1 | 1
cvss3_vuldb_av | N | N | N
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_pr | N | N | N
cvss3_vuldb_ui | N | N | N
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | N | N | N
cvss3_vuldb_i | N | N | N
cvss3_vuldb_a | H | H | H
cvss3_vuldb_rc | C | C | C
url | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999
cve | CVE-2021-27606 | CVE-2021-27606 | CVE-2021-27606
date | 1623189600 (06/09/2021) | 1623189600 (06/09/2021) | 1623189600 (06/09/2021)
type | Solution Stack Software | Solution Stack Software | Solution Stack Software
cvss2_vuldb_av | N | N | N
cvss2_vuldb_ac | L | L | L
cvss2_vuldb_au | N | N | N
cvss2_vuldb_ci | N | N | N
cvss2_vuldb_ii | N | N | N
cvss2_vuldb_ai | C | C | C
cvss2_vuldb_rc | C | C | C
cvss2_vuldb_e | ND | ND | ND
cvss2_vuldb_rl | ND | ND | ND
cvss3_vuldb_e | X | X | X
cvss3_vuldb_rl | X | X | X
cvss2_vuldb_basescore | 7.8 | 7.8 | 7.8
cvss2_vuldb_tempscore | 7.8 | 7.8 | 7.8
cvss3_vuldb_basescore | 7.5 | 7.5 | 7.5
cvss3_vuldb_tempscore | 7.5 | 7.5 | 7.5
cvss3_meta_basescore | 7.5 | 7.5 | 7.5
cvss3_meta_tempscore | 7.5 | 7.5 | 7.5
price_0day | $5k-$25k | $5k-$25k | $5k-$25k
cve_assigned | 1614034800 | 1614034800
cve_nvd_summary | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
cve_cna | SAP SE
