Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0995Improper Input Validation in SAP Netweaver

CWE-20Improper Input Validation4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
32.6%
top 3.13%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SAP Netweaver
Timeline
PublishedNov 6
Latest updateMay 14

Description

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDsap/netweaver7.01+1

🔴Vulnerability Details

2
GHSA
GHSA-6p5j-mpq6-hxph: The Standalone Enqueue Server in SAP Netweaver 72022-05-14
CVEList
CVE-2014-0995: The Standalone Enqueue Server in SAP Netweaver 72014-11-06

💥Exploits & PoCs

1
Exploit-DB
SAP NetWeaver Enqueue Server - Denial of Service2014-10-17
CVE-2014-0995 — Improper Input Validation in SAP | cvebase