Lucene search

SapCVELIST:CVE-2024-33001

HistoryJun 11, 2024 - 2:05 a.m.

CVE-2024-33001 Denial of service (DOS) in SAP NetWeaver and ABAP platform

2024-06-1102:05:00

CWE-400

sap

www.cve.org

sap

netweaver

abap

denial of service

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

SAP NetWeaver and ABAP platform allows an
attacker to impede performance for legitimate users by crashing or flooding the
service.

An
impact of this Denial of Service vulnerability might be long response delays
and service interruptions, thus degrading the service quality experienced by
legitimate users causing high impact on availability of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver and ABAP platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "ST-PI 2008_1_700"
      },
      {
        "status": "affected",
        "version": "2008_1_710"
      },
      {
        "status": "affected",
        "version": "740"
      }
    ]
  }
]

References

me.sap.com/notes/3453170

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-33001