SAP NetWeaver MMR — Denail of Service

Type erpscan
Reporter ERPScan
Modified 2010-02-15T00:00:00


Application: SAP NetWeaver
Versions Affected: SAP NetWeaver 7.0 metamodel repository
Vendor URL: <>
Bugs: Denial of service
Exploits: YES
Reported: 15.02.2010
Vendor response: 15.02.2010
Date of Public Advisory: 09.11.2010
Author: Alexandr Polyakov

SAP Netweaver Metamodel Repository can be accessed without authentication by default in the old versions of SAP ECC.

Business Risk
A remote attacker can send a malicious packet to SAP NetWeaver server via the Internet or inside a company and conduct a denial of service attack by resource exhaustion. This will stop server and all business processes running on it. It can lead to monetary and reputation loss.