CVE-2024-47586 MEDIUM

CVE-2024-47586: NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Vendor Sap_Se
Product SAP NetWeaver Application Server for ABAP and ABAP Platform
Weakness CWE-476
Published November 12, 2024
Last update November 12, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity.

Key dates

02Disclosure timeline

November 12, 2024 CVE published
November 12, 2024 Record updated