CVE-2021-27631

Name of the Vulnerable Software and Affected Versions SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) versions 7.22, 7.22EXT, 7.49, 7.53, 7.73, 8.04

Description The issue allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network, triggering an internal error in the system due to improper input validation in the EnqConvUniToSrvReq() method. This causes the system to crash and renders it unavailable. In this attack, no data in the system can be viewed or modified.

Recommendations For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.22, consider disabling the EnqConvUniToSrvReq() method until a patch is available. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.22EXT, consider disabling the EnqConvUniToSrvReq() method until a patch is available. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.49, consider disabling the EnqConvUniToSrvReq() method until a patch is available. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.53, consider disabling the EnqConvUniToSrvReq() method until a patch is available. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 7.73, consider disabling the EnqConvUniToSrvReq() method until a patch is available. For SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) version 8.04, consider disabling the EnqConvUniToSrvReq() method until a patch is available.