CVE-2017-5997

CWE-7723 documents3 sources

Severity

7.5HIGH

EPSS

0.7%

top 27.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SAP Kernel

Timeline

PublishedFeb 15

Latest updateMay 13

Description

The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDsap/sap_kernel7.21, 7.22, 7.42+2

🔴Vulnerability Details

GHSA

GHSA-63rc-m339-cmpr: The SAP Message Server HTTP daemon in SAP KERNEL 7↗2022-05-13

▶

CVEList

CVE-2017-5997: The SAP Message Server HTTP daemon in SAP KERNEL 7↗2017-02-15

▶