CVE-2021-27630

Name of the Vulnerable Software and Affected Versions SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) versions 7.22, 7.22EXT, 7.49, 7.53, 7.73, 8.04

Description The issue allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network, triggering an internal error in the system due to improper input validation in the EnqConvUniToSrvReq() method. This causes the system to crash and renders it unavailable. In this attack, no data in the system can be viewed or modified.

Recommendations For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.22, consider applying a patch to fix the improper input validation issue in the EnqConvUniToSrvReq() method. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.22EXT, consider applying a patch to fix the improper input validation issue in the EnqConvUniToSrvReq() method. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.49, consider applying a patch to fix the improper input validation issue in the EnqConvUniToSrvReq() method. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.53, consider applying a patch to fix the improper input validation issue in the EnqConvUniToSrvReq() method. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.73, consider applying a patch to fix the improper input validation issue in the EnqConvUniToSrvReq() method. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 8.04, consider applying a patch to fix the improper input validation issue in the EnqConvUniToSrvReq() method. As a temporary workaround, consider disabling the EnqConvUniToSrvReq() method until a patch is available.