ID CVE-2017-9844
Summary SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:netweaver:7400.12.21.30308
    cpe:2.3:a:sap:netweaver:7400.12.21.30308
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-502
CAPEC
refmap via4
bid 96865
misc https://erpscan.com/advisories/erpscan-17-014-sap-netweaver-java-deserialization-untrusted-user-value-metadatauploader/
Last major update 12-07-2017 - 12:29
Published 12-07-2017 - 12:29
Last modified 21-07-2017 - 16:26
Back to Top