CVE-2017-9843 — LOW (2.7) — White Hats Nepal

Vulnerability Description

SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.

CVSS Score

2.7

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Sap	Netweaver Abap	7.40

References

http://www.securityfocus.com/bid/96900Broken LinkThird Party AdvisoryVDB Entry
https://erpscan.io/advisories/erpscan-17-010-sap-netweaver-abap-dispwork-crash-uBroken LinkExploitThird Party Advisory
http://www.securityfocus.com/bid/96900Broken LinkThird Party AdvisoryVDB Entry
https://erpscan.io/advisories/erpscan-17-010-sap-netweaver-abap-dispwork-crash-uBroken LinkExploitThird Party Advisory

FAQ

What is CVE-2017-9843?

CVE-2017-9843 is a vulnerability with a CVSS score of 2.7 (LOW). SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.

How severe is CVE-2017-9843?

CVE-2017-9843 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-9843?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Abap.