{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47586", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-09-27T20:05:59.021Z", "datePublished": "2024-11-12T00:25:56.315Z", "dateUpdated": "2024-11-12T17:14:50.589Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver Application Server for ABAP and ABAP Platform", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "KRNL64NUC 7.22"}, {"status": "affected", "version": "7.22EXT"}, {"status": "affected", "version": "KRNL64UC 7.22"}, {"status": "affected", "version": "7.53"}, {"status": "affected", "version": "8.04"}, {"status": "affected", "version": "KERNEL 7.22"}, {"status": "affected", "version": "7.54"}, {"status": "affected", "version": "7.77"}, {"status": "affected", "version": "7.89"}, {"status": "affected", "version": "7.93"}, {"status": "affected", "version": "9.12"}, {"status": "affected", "version": "9.13"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity.</p>"}], "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-11-12T00:25:56.315Z"}, "references": [{"url": "https://me.sap.com/notes/3504390"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "sap", "product": "netweaver_abap_application_server", "cpes": ["cpe:2.3:a:sap:netweaver_abap_application_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "KRNL64NUC 7.22", "status": "affected"}, {"version": "7.22EXT", "status": "affected"}, {"version": "KRNL64UC 7.22", "status": "affected"}, {"version": "7.53", "status": "affected"}, {"version": "8.04", "status": "affected"}, {"version": "KERNEL 7.22", "status": "affected"}, {"version": "7.54", "status": "affected"}, {"version": "7.77", "status": "affected"}, {"version": "7.89", "status": "affected"}, {"version": "7.93", "status": "affected"}, {"version": "9.12", "status": "affected"}, {"version": "9.13", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-12T16:07:46.695432Z", "id": "CVE-2024-47586", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T17:14:50.589Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47586", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-09-27T20:05:59.021Z", "datePublished": "2024-11-12T00:25:56.315Z", "dateUpdated": "2024-11-12T17:14:50.589Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver Application Server for ABAP and ABAP Platform", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "KRNL64NUC 7.22"}, {"status": "affected", "version": "7.22EXT"}, {"status": "affected", "version": "KRNL64UC 7.22"}, {"status": "affected", "version": "7.53"}, {"status": "affected", "version": "8.04"}, {"status": "affected", "version": "KERNEL 7.22"}, {"status": "affected", "version": "7.54"}, {"status": "affected", "version": "7.77"}, {"status": "affected", "version": "7.89"}, {"status": "affected", "version": "7.93"}, {"status": "affected", "version": "9.12"}, {"status": "affected", "version": "9.13"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity.</p>"}], "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-11-12T00:25:56.315Z"}, "references": [{"url": "https://me.sap.com/notes/3504390"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47586", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-12T16:07:46.695432Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sap:netweaver_abap_application_server:*:*:*:*:*:*:*:*"], "vendor": "sap", "product": "netweaver_abap_application_server", "versions": [{"status": "affected", "version": "KRNL64NUC 7.22"}, {"status": "affected", "version": "7.22EXT"}, {"status": "affected", "version": "KRNL64UC 7.22"}, {"status": "affected", "version": "7.53"}, {"status": "affected", "version": "8.04"}, {"status": "affected", "version": "KERNEL 7.22"}, {"status": "affected", "version": "7.54"}, {"status": "affected", "version": "7.77"}, {"status": "affected", "version": "7.89"}, {"status": "affected", "version": "7.93"}, {"status": "affected", "version": "9.12"}, {"status": "affected", "version": "9.13"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T17:14:35.347Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity."}, {"lang": "es", "value": "SAP NetWeaver Application Server para ABAP y la plataforma ABAP permite que un atacante no autenticado env\u00ede una solicitud http manipulada con fines malintencionados que podr\u00eda provocar una desreferencia de puntero nulo en el n\u00facleo. Esta desreferencia provocar\u00e1 que el sistema se bloquee y se reinicie, lo que provocar\u00e1 que el sistema no est\u00e9 disponible temporalmente. No hay ning\u00fan impacto en la confidencialidad ni en la integridad."}], "id": "CVE-2024-47586", "lastModified": "2024-11-12T13:55:21.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2024-11-12T01:15:04.190", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3504390"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cna@sap.com", "type": "Primary"}]}

{}