CVE-2021-27628

Name of the Vulnerable Software and Affected Versions SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher) versions 7.22 through 7.83

Description The issue allows an unauthenticated attacker to send a specially crafted packet over a network, triggering an internal error in the system due to improper input validation in the DpRTmPrepareReq() method. This causes the system to crash and become unavailable. The attack does not allow data in the system to be viewed or modified.

Recommendations For SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher) versions 7.22 through 7.83, consider applying a patch or fix to address the improper input validation issue in the DpRTmPrepareReq() method to prevent system crashes. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.