Details of VAR-201707-1240

ID

VAR-201707-1240

CVE

CVE-2017-9845

TITLE

SAP NetWeaver of disp+work Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-005885

DESCRIPTION

disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. SAP Netweaver is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions

Trust: 1.98

sources: NVD: CVE-2017-9845 // JVNDB: JVNDB-2017-005885 // BID: 96874 // VULMON: CVE-2017-9845

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	7.40	Trust: 1.9
vendor:	sap	model:	netweaver	scope:	eq	version:	7.40 (disp+work 7400.12.21.30308)	Trust: 0.8
vendor:	sap	model:	netweaver	scope:	eq	version:	0	Trust: 0.3

sources: BID: 96874 // JVNDB: JVNDB-2017-005885 // CNNVD: CNNVD-201707-532 // NVD: CVE-2017-9845

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9845
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-9845
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201707-532
value:	HIGH
Trust: 0.6
VULMON:	CVE-2017-9845
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-9845
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2017-9845
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	CVE-2017-9845
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2017-9845 // JVNDB: JVNDB-2017-005885 // CNNVD: CNNVD-201707-532 // NVD: CVE-2017-9845

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.8

sources: JVNDB: JVNDB-2017-005885 // NVD: CVE-2017-9845

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-532

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201707-532

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005885

PATCH

title:	March 2017 (2405918)	url:	https://blogs.sap.com/2017/03/14/sap-security-patch-day-march-2017/	Trust: 0.8
title:	SAP NetWeaver disp+work Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71678	Trust: 0.6
title:	SAP_vulnerabilities	url:	https://github.com/vah13/SAP_vulnerabilities	Trust: 0.1
title:	radamsa-Fuzzer	url:	https://github.com/sunzu94/radamsa-Fuzzer	Trust: 0.1
title:	RADAMSA	url:	https://github.com/StephenHaruna/RADAMSA	Trust: 0.1
title:	radamsa	url:	https://github.com/Hwangtaewon/radamsa	Trust: 0.1
title:	radamsa	url:	https://github.com/benoit-a/radamsa	Trust: 0.1

sources: VULMON: CVE-2017-9845 // JVNDB: JVNDB-2017-005885 // CNNVD: CNNVD-201707-532

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9845	Trust: 2.8
db:	BID	id:	96874	Trust: 1.4
db:	JVNDB	id:	JVNDB-2017-005885	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-532	Trust: 0.6
db:	VULMON	id:	CVE-2017-9845	Trust: 0.1

sources: VULMON: CVE-2017-9845 // BID: 96874 // JVNDB: JVNDB-2017-005885 // CNNVD: CNNVD-201707-532 // NVD: CVE-2017-9845

REFERENCES

url:	https://erpscan.com/advisories/erpscan-17-015-sap-netweaver-dispwork-anonymous-denial-service/	Trust: 1.7
url:	http://www.securityfocus.com/bid/96874	Trust: 1.1
url:	https://erpscan.io/advisories/erpscan-17-015-sap-netweaver-dispwork-anonymous-denial-service/	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9845	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9845	Trust: 0.8
url:	http://www.sap.com	Trust: 0.3
url:	https://launchpad.support.sap.com/#/notes/2405918	Trust: 0.3
url:	https://blogs.sap.com/2017/03/14/sap-security-patch-day-march-2017/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=55568	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/vah13/sap_vulnerabilities	Trust: 0.1

sources: VULMON: CVE-2017-9845 // BID: 96874 // JVNDB: JVNDB-2017-005885 // CNNVD: CNNVD-201707-532 // NVD: CVE-2017-9845

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 96874

SOURCES

db:	VULMON	id:	CVE-2017-9845
db:	BID	id:	96874
db:	JVNDB	id:	JVNDB-2017-005885
db:	CNNVD	id:	CNNVD-201707-532
db:	NVD	id:	CVE-2017-9845

LAST UPDATE DATE

2024-11-23T22:56:10.618000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2017-9845	date:	2018-12-10T00:00:00
db:	BID	id:	96874	date:	2017-07-19T14:07:00
db:	JVNDB	id:	JVNDB-2017-005885	date:	2017-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201707-532	date:	2017-07-13T00:00:00
db:	NVD	id:	CVE-2017-9845	date:	2024-11-21T03:36:58.403

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2017-9845	date:	2017-07-12T00:00:00
db:	BID	id:	96874	date:	2017-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-005885	date:	2017-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201707-532	date:	2017-07-13T00:00:00
db:	NVD	id:	CVE-2017-9845	date:	2017-07-12T16:29:00.453