Vulnerability Description
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Application Server Java | >= 7.00, <= 7.50 |
References
- https://erpscan.io/advisories/erpscan-17-030-sap-hostcontrol-remote-dos/Third Party Advisory
- https://erpscan.io/advisories/erpscan-17-030-sap-hostcontrol-remote-dos/Third Party Advisory
FAQ
What is CVE-2017-14581?
CVE-2017-14581 is a vulnerability with a CVSS score of 7.5 (HIGH). The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
How severe is CVE-2017-14581?
CVE-2017-14581 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14581?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Application Server Java.