PT-2023-3748 · SAP · SAP NetWeaver

Published: 2023-06-13 · Updated: 2024-09-28 · CVE-2023-32114

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver (Change and Transport System) versions 702 through 757

Description: The issue is related to the lack of a resource control mechanism in the Change and Transport System component of SAP NetWeaver. This allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly, potentially slowing down the server or making it unavailable. The impact is limited to Availability, with no effect on the Confidentiality or Integrity of the application. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations: For versions 702 through 757, consider restricting access to the benchmark program to prevent malicious use, and limit the privileges of authenticated users to minimize the risk of exploitation. As a temporary workaround, consider disabling the benchmark program until a more permanent solution is available.

Fix

Incorrect Permission

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-04036
CVE-2023-32114

Affected Products

SAP NetWeaver