CVE-2017-5997

Name of the Vulnerable Software and Affected Versions SAP KERNEL versions 7.21 through 7.49

Description The issue allows remote attackers to cause a denial of service, resulting in memory consumption and process crash, via multiple requests to the msgserver/group?group= endpoint with a crafted size of the group parameter.

Recommendations For SAP KERNEL versions 7.21 through 7.49, consider restricting access to the msgserver/group?group= endpoint to minimize the risk of exploitation. Avoid using the group parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.