CVE-2021-27633

Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS for ABAP (RFC Gateway) versions 7.22 through 7.83

Description The issue allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network, triggering an internal error in the system due to improper input validation in the ThCPIC() method. This causes the system to crash and renders it unavailable. In this attack, no data in the system can be viewed or modified.

Recommendations For SAP NetWeaver AS for ABAP (RFC Gateway) versions 7.22 through 7.83, consider disabling the ThCPIC() method as a temporary workaround until a patch is available. Restrict access to the RFC Gateway to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.