[ERPSCAN-12-045] SAP NetWeaver SDM – denial of service
Application: SAP NetWeaver SDM
Versions Affected: SAP NetWeaver SDM
Vendor URL: http://www.sap.com
Vendor response: 11.02.2012
Date of Public Advisory: 10.12.2012
Reference: SAP Security Note 1724516
Authors: Alexander Polyakov (ERPScan)
The SAP NetWeaver SDM service, which listens on port 5NN18 by default, is vulnerable to a denial of service attack that can be carried out with a single request.
A remote attacker can send a malicious packet to the SAP NetWeaver server, over the Internet or from inside the company, and cause a denial of service through resource exhaustion. This stops the server and all business processes running on it, which can lead to monetary and reputational loss.