Denial of Service Vulnerability in SAP Gateway Products
CVE-2018-2433

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Gateway
Vendor: CVE Published:; 10 July 2018

Summary

An identified vulnerability in SAP Gateway allows malicious actors to disrupt legitimate users' access. Attackers could exploit this flaw to either crash the service or flood it with excessive requests, inhibiting user access and service availability. Organizations relying on affected SAP KERNEL versions should assess their systems for protection against potential denial of service attacks.

Affected Version(s)

SAP Gateway SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT

SAP Gateway SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT

SAP Gateway SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT

References

https://launchpad.support.sap.com/#/notes/2597913

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2018
Vulnerability Reserved
Dec 15, 2017