[ERPSCAN-14-001] SAP NetWeaver Message Server – DoS
Application: SAP NetWeaver Message Server
Versions Affected: SAP KERNEL 7.20 32BIT
Vendor URL: http://www.sap.com
Bugs: Improper Input Validation
Vendor response: 11.07.2013
Date of Public Advisory: 25.01.2014
Reference: SAP Security Note 1773912
Author: George Nosenko (ERPScan)
A remote attacker can conduct a denial of service attack against SAP Message Server, or affect its control flow, without authorization.
An attacker can use a denial of service vulnerability for terminating the process of the vulnerable component. As a result, nobody can use this service, which has a negative influence on business processes. System downtime also harms business reputation.
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: