CVE-2016-9562

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

7.5HIGH

EPSS

1.2%

top 21.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver Application Server Java

Timeline

PublishedNov 23

Latest updateMay 13

Description

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDsap/netweaver_application7.40

🔴Vulnerability Details

GHSA

GHSA-g8w9-9vp7-w33m: SAP NetWeaver AS JAVA 7↗2022-05-13

▶

CVEList

CVE-2016-9562: SAP NetWeaver AS JAVA 7↗2016-11-23

▶