PT-2016-1705 · Sap · Sap Netweaver As Java

Published

2016-04-14

Updated

2018-12-10

CVE-2016-4015

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SAP NetWeaver JAVA AS versions 7.1 through 7.4

Description The issue is related to errors in the code of the Enqueue Server component in SAP NetWeaver. It allows remote attackers to cause a denial of service, specifically a process crash, via a crafted request.

Recommendations For SAP NetWeaver JAVA AS versions 7.1 through 7.4, consider applying the fix as described in SAP Security Note 2258784 to resolve the issue. As a temporary workaround, consider restricting access to the Enqueue Server component to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2016-01031

CVE-2016-4015

Affected Products

Sap Netweaver As Java

PT-2016-1705 · Sap · Sap Netweaver As Java

CVE-2016-4015

Weakness Enumeration

Related Identifiers

Affected Products

References · 7