{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-33001", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-04-23T04:04:25.520Z", "datePublished": "2024-06-11T02:05:00.333Z", "dateUpdated": "2024-08-02T02:27:53.403Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver and ABAP platform", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "ST-PI 2008_1_700"}, {"status": "affected", "version": "2008_1_710"}, {"status": "affected", "version": "740"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP NetWeaver and ABAP platform allows an\nattacker to impede performance for legitimate users by crashing or flooding the\nservice.</p>\n\nAn\nimpact of this Denial of Service vulnerability might be long response delays\nand service interruptions, thus degrading the service quality experienced by\nlegitimate users causing high impact on availability of the application.\n\n\n\n"}], "value": "SAP NetWeaver and ABAP platform allows an\nattacker to impede performance for legitimate users by crashing or flooding the\nservice.\n\n\n\nAn\nimpact of this Denial of Service vulnerability might be long response delays\nand service interruptions, thus degrading the service quality experienced by\nlegitimate users causing high impact on availability of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-06-11T02:05:00.333Z"}, "references": [{"url": "https://me.sap.com/notes/3453170"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of service (DOS) in SAP NetWeaver and ABAP platform", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "sap_se", "product": "sap_netweaver_and_abap_platform", "cpes": ["cpe:2.3:a:sap_se:sap_netweaver_and_abap_platform:740:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "740", "status": "affected"}, {"version": "2008_1_710", "status": "affected"}, {"version": "ST-PI_2008_1_700", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-18T19:53:26.938876Z", "id": "CVE-2024-33001", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T17:29:13.906Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:27:53.403Z"}, "title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3453170", "tags": ["x_transferred"]}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3453170", "tags": ["x_transferred"]}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:27:53.403Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33001", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-18T19:53:26.938876Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sap_se:sap_netweaver_and_abap_platform:740:*:*:*:*:*:*:*"], "vendor": "sap_se", "product": "sap_netweaver_and_abap_platform", "versions": [{"status": "affected", "version": "740"}, {"status": "affected", "version": "2008_1_710"}, {"status": "affected", "version": "ST-PI_2008_1_700"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T19:01:33.948Z"}}], "cna": {"title": "Denial of service (DOS) in SAP NetWeaver and ABAP platform", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP NetWeaver and ABAP platform", "versions": [{"status": "affected", "version": "ST-PI 2008_1_700"}, {"status": "affected", "version": "2008_1_710"}, {"status": "affected", "version": "740"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3453170"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SAP NetWeaver and ABAP platform allows an\nattacker to impede performance for legitimate users by crashing or flooding the\nservice.\n\n\n\nAn\nimpact of this Denial of Service vulnerability might be long response delays\nand service interruptions, thus degrading the service quality experienced by\nlegitimate users causing high impact on availability of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP NetWeaver and ABAP platform allows an\nattacker to impede performance for legitimate users by crashing or flooding the\nservice.</p>\n\nAn\nimpact of this Denial of Service vulnerability might be long response delays\nand service interruptions, thus degrading the service quality experienced by\nlegitimate users causing high impact on availability of the application.\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-06-11T02:05:00.333Z"}}}, "cveMetadata": {"cveId": "CVE-2024-33001", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:27:53.403Z", "dateReserved": "2024-04-23T04:04:25.520Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-06-11T02:05:00.333Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*", "matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:2008_1_710:*:*:*:*:*:*:*", "matchCriteriaId": "B73EF71D-B02D-494D-9FCA-E8B45B8126C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:st-pi_2008_1_700:*:*:*:*:*:*:*", "matchCriteriaId": "40A30E2E-8FE7-4866-A3A5-9DE9D407FCBB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver and ABAP platform allows an\nattacker to impede performance for legitimate users by crashing or flooding the\nservice.\n\n\n\nAn\nimpact of this Denial of Service vulnerability might be long response delays\nand service interruptions, thus degrading the service quality experienced by\nlegitimate users causing high impact on availability of the application."}, {"lang": "es", "value": "La plataforma SAP NetWeaver y ABAP permite a un atacante impedir el rendimiento de usuarios leg\u00edtimos bloqueando o inundando el servicio. Un impacto de esta vulnerabilidad de denegaci\u00f3n de servicio podr\u00eda ser largas demoras en la respuesta e interrupciones del servicio, degradando as\u00ed la calidad del servicio experimentada por los usuarios leg\u00edtimos y causando un alto impacto en la disponibilidad de la aplicaci\u00f3n."}], "id": "CVE-2024-33001", "lastModified": "2024-11-21T09:16:12.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-11T03:15:10.393", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3453170"}, {"source": "cna@sap.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3453170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "cna@sap.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}