First published: Wed Jul 12 2017(Updated: )
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SAP NetWeaver | =7400.12.21.30308 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-9844 has a high severity rating due to its potential for denial of service and arbitrary code execution.
To mitigate CVE-2017-9844, apply the patches provided in SAP Security Note 2399804.
CVE-2017-9844 affects SAP NetWeaver version 7400.12.21.30308.
CVE-2017-9844 is a remote code execution and denial of service vulnerability in SAP NetWeaver.
Yes, CVE-2017-9844 can be exploited remotely by attackers sending crafted requests to the metadatauploader.