Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-27606

EPSS 0.28% · P51
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-27606

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP NetWeaver AS ABAP Business Server 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP NetWeaver AS ABAP Business Server是德国思爱普(SAP)公司的一款适用于ABAP(高级商务应用编程)的应用服务器。 SAP NetWeaver AS ABAP Business Server存在缓冲区错误漏洞,该漏洞源于NetWeaver ABAP Server和ABAP Platform存在内存损坏漏洞。攻击者利用该漏洞可以使用SAP产品的多个漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SAP SESAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) < KRNL32NUC - 7.22 -

II. Public POCs for CVE-2021-27606

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-27606

登录查看更多情报信息。

Same Patch Batch · SAP SE · 2021-06-09 · 39 CVEs total

CVE-2021-33662SAP Business One 信息泄露漏洞
CVE-2021-27621SAP Netweaver 信息泄露漏洞
CVE-2021-27637SAP Workforce Performance 信息泄露漏洞
CVE-2021-27639SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2021-27635SAP Netweaver 代码问题漏洞
CVE-2021-27638SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2021-27641SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2021-27643SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2021-27640SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2021-27642SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2021-27615SAP Manufacturing Execution 跨站脚本漏洞
CVE-2021-33660SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2021-33666SAP Commerce Cloud 跨站脚本漏洞
CVE-2021-33664SAP NetWeaver Application Server 跨站脚本漏洞
CVE-2021-33661SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2021-33659SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2021-33663SAP Netweaver 命令注入漏洞
CVE-2021-33665SAP NetWeaver Application Server 跨站脚本漏洞
CVE-2021-33669SAP Mobile安全漏洞
CVE-2021-27629SAP Netweaver 缓冲区错误漏洞

Showing top 20 of 39 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)
Same vendor: SAP SE
Same weakness: CWE-125

V. Comments for CVE-2021-27606

No comments yet

Leave a comment