Vulnerabilities > CVE-2016-4015 - Unspecified vulnerability in SAP Netweaver

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

sap

NVD

Published: 2016-04-14

Updated: 2018-12-10

Summary

The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver 7.1 SAP Netweaver 7.2 SAP Netweaver 7.3 SAP Netweaver 7.4	4

References

https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/
https://erpscan.io/advisories/erpscan-16-019-sap-netweaver-enqueue-server-dos-vulnerability/