CVE-2024-30218

EPSS 0.22%
Veröffentlicht 09.04.2024 01:15:50
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform

The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 3

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSAP_SE

≫

Produkt SAP NetWeaver AS ABAP and ABAP Platform

Default Statusunaffected

Version KRNL64NUC 7.22

Status affected

Version KRNL64NUC 7.22EXT

Status affected

Version KRNL64UC 7.22

Status affected

Version KRNL64UC 7.22EXT

Status affected

Version KRNL64UC 7.53

Status affected

Version KERNEL 7.22

Status affected

Version KERNEL 7.53

Status affected

Version KERNEL 7.77

Status affected

Version KERNEL 7.85

Status affected

Version KERNEL 7.89

Status affected

Version KERNEL 7.54

Status affected

Version KERNEL 7.93

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.444

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-605 Multiple Binds to the Same Port

When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

https://me.sap.com/notes/3359778

https://nvd.nist.gov/vuln/detail/CVE-2024-30218

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-30218

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-30218

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-30218