Skip to main content

Netweaver CVE-2017-9845

HIGH
Uncontrolled Resource Consumption (CWE-400)
2017-07-12 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 12, 2017 - 16:29 cve.org
HIGH 7.5

DescriptionCVE.org

disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918.

AnalysisAI

disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. Affected products include: Sap Netweaver.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

CVE-2012-2611 CRITICAL POC
9.3 May 15

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispa

CVE-2025-31324 CRITICAL POC
10.0 Apr 24

SAP NetWeaver Visual Composer Metadata Uploader lacks proper authorization, allowing unauthenticated agents to upload ma

CVE-2016-2389 HIGH POC
7.5 Feb 16

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMI

CVE-2015-7241 CRITICAL POC
9.8 Sep 06

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2012-2612 MEDIUM POC
5.0 May 15

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0

CVE-2012-2514 MEDIUM POC
5.0 May 15

The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver

CVE-2012-2512 MEDIUM POC
5.0 May 15

The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver

CVE-2014-0995 MEDIUM POC
5.0 Nov 06

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of serv

CVE-2012-2513 MEDIUM POC
5.0 May 15

The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP

CVE-2012-2511 MEDIUM POC
5.0 May 15

The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.

CVE-2016-4014 HIGH POC
8.6 Apr 14

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to ca

CVE-2016-1910 MEDIUM POC
5.3 Jan 15

The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors,

Share

CVE-2017-9845 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy