CVE-2021-27630

7.5 HIGH

📋 TL;DR

CVE-2021-27630 is a denial-of-service vulnerability in SAP NetWeaver ABAP Server and ABAP Platform Enqueue Server. An unauthenticated attacker can send a specially crafted network packet to crash the system, making it unavailable. This affects organizations running vulnerable SAP NetWeaver versions.

💻 Affected Systems

Products:
  • SAP NetWeaver ABAP Server
  • SAP NetWeaver ABAP Platform
Versions: KRNL32NUC: 7.22, 7.22EXT; KRNL64NUC: 7.22, 7.22EXT, 7.49; KRNL64UC: 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73; KERNEL: 7.22, 8.04, 7.49, 7.53, 7.73
Operating Systems: All platforms running affected SAP kernels
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Enqueue Server component specifically. No data compromise occurs, only availability impact.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system outage of SAP services, disrupting business operations that depend on SAP applications.

🟠 Likely Case: Service disruption affecting availability of SAP systems, potentially causing operational downtime.

🟢 If Mitigated: Limited impact if systems are patched, network-restricted, or behind firewalls with proper filtering.

🌐 Internet-Facing: HIGH - Unauthenticated network attack that can be triggered remotely without credentials.
🏢 Internal Only: HIGH - Even internal attackers or compromised internal systems can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Simple network packet triggering an internal error.

Exploitation requires network access to the Enqueue Server port (typically 3200-3299). No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Security Note 3020104

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3020104

Restart Required: Yes

Instructions:

1. Download SAP Note 3020104 from the SAP Support Portal.
2. Apply the kernel patch according to SAP standard procedures.
3. Restart the affected SAP systems.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict network access to Enqueue Server ports (3200-3299) to trusted sources only.

Firewall Rules (applies to: all)

Implement firewall rules to block unauthorized access to SAP Enqueue Server ports.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach SAP Enqueue Server ports.
  • Monitor system logs for crash events and implement rapid response procedures for potential DoS incidents.

🔍 How to Verify

Check if Vulnerable:

Check SAP kernel version using transaction SM51 or OS command 'disp+work'.

Check Version:

On SAP system: Execute transaction SM51 or run 'disp+work -version' from OS command line.

Verify Fix Applied:

Verify SAP Note 3020104 is applied by checking applied notes in SAP system or kernel patch level.

📡 Detection & Monitoring

Log Indicators:

  • System crash logs
  • Enqueue Server termination events
  • ABAP dumps related to EnqConvUniToSrvReq()

Network Indicators:

  • Unusual traffic to Enqueue Server ports (3200-3299)
  • Malformed packets to SAP services

SIEM Query:

Search for: 'Enqueue Server crash' OR 'ABAP dump' OR 'system termination' in SAP logs
