[ERPSCAN-16-033] SAP NetWeaver AS JAVA icman – DoS vulnerability

Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: SAP
Bugs: DoS
Reported: 22.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 08.08.2016
Reference: SAP Security Note 2313835
Author: Vahagn Vardanyan (ERPScan)


An anonymous attacker can use a special HTTP request to perform a DoS attack against SAP icman.

Business risk

An attacker can use a denial-of-service vulnerability to terminate a process of a vulnerable component. While the process is down, nobody can use the service, which disrupts business processes, causes system downtime and, as a result, damages business reputation.