ID CVE-2016-9562
Summary SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 20-04-2021 - 19:42)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid
  • 92418
  • 95363
misc https://erpscan.io/advisories/erpscan-16-033-sap-netweaver-java-icman-dos-vulnerability/
Last major update 20-04-2021 - 19:42
Published 23-11-2016 - 02:59
Last modified 20-04-2021 - 19:42
Back to Top