Vigil@nce: SAP, denial of service of SAP Management Console
December 2009 by Vigil@nce
An attacker can send a malicious query to the SAP Management
Console, in order to stop it.
– Severity: 2/4
– Consequences: denial of service of the service
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 11/12/2009
IMPACTED PRODUCTS
– SAP ERP
– SAP NetWeaver
DESCRIPTION OF THE VULNERABILITY
The administrator connects to the web interface of the SAP
Management Console, which is associated with the sapstartsrv process.
However, an attacker who is allowed to access this service can send
a malicious query in order to stop the process.
Technical details are unknown.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-9273
– Url: http://vigilance.fr/vulnerability/SAP-denial-of-service-of-SAP-Management-Console-9273