Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

[ERPSCAN-10-006] SAP NetWeaver MMR — Denail of Service

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver 7.0 metamodel repository
Vendor URL: http://sap.com
Bugs: Denial of service
Exploits: YES
Reported: 15.02.2010
Vendor response: 15.02.2010
Date of Public Advisory: 09.11.2010
Author: Alexandr Polyakov

Description
SAP Netweaver Metamodel Repository can be accessed without authentication by default in the old versions of SAP ECC.

Business Risk
A remote attacker can send a malicious packet to SAP NetWeaver server via the Internet or inside a company and conduct a denial of service attack by resource exhaustion. This will stop server and all business processes running on it. It can lead to monetary and reputation loss.