SAP
cpe:2.3:o:sap:sap_kernel:*:*:*:*:*:*:*
A denial-of-service vulnerability has been identified in SAP NetWeaver. This issue allows an authenticated attacker with regular user privileges and network access to cause uncontrolled resource consumption. The vulnerability arises when the attacker invokes a remote-enabled function module with an excessively large loop-control parameter, leading to prolonged loop execution that drains system resources. As a result, the system may become unavailable, causing a denial-of-service condition. While this vulnerability impacts availability, it does not affect confidentiality or integrity.
Exploitation of this vulnerability leads to a denial-of-service condition, causing excessive resource consumption that can render the system unavailable.
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where users can find the complete list of all SAP Security Notes. It is recommended to implement these corrections as a priority.