CVE-2024-47586
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | KRNL64NUC 7.22 | affected |
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | 7.22EXT | affected |
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | KRNL64UC 7.22 | affected |
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | 7.53 | affected |
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | 8.04 | affected |
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | KERNEL 7.22 | affected |
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | 7.54 | affected |
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | 7.77 | affected |
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | 7.89 | affected |
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | 7.93 | affected |
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | 9.12 | affected |
| SAP_SE | SAP NetWeaver Application Server for ABAP and ABAP Platform | 9.13 | affected |
Weaknesses
- CWE-476: CWE-476: NULL Pointer Dereference
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.