SAP
cpe:2.3:o:sap:sap_kernel:*:*:*:*:*:*:*
A denial-of-service vulnerability has been identified in SAP NetWeaver. This issue allows an authenticated attacker with regular user privileges and network access to cause uncontrolled resource consumption. The vulnerability arises when the attacker repeatedly invokes a remote-enabled function module with an excessively large loop-control parameter. This action triggers prolonged loop execution that consumes excessive system resources, potentially rendering the system unavailable. While the exploitation of this vulnerability leads to a denial-of-service condition impacting system availability, it does not affect confidentiality or integrity.
Exploitation of this vulnerability leads to a denial-of-service condition, causing excessive resource consumption that can render the system unavailable.
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. The notes are available through the SAP for Me platform, under SAP Security Patch Day.