CVE-2024-47586

Summary

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server for ABAP and ABAP PlatformKRNL64NUC 7.22affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.22EXTaffected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP PlatformKRNL64UC 7.22affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.53affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform8.04affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP PlatformKERNEL 7.22affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.54affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.77affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.89affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform7.93affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform9.12affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform9.13affected

Weaknesses

  • CWE-476: CWE-476: NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References