Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

 Subscribe me to your mailing list

[ERPSCAN-16-036] SAP ASE ODATA Server – Denial of Service

Application: SAP ASE
Versions Affected: SAP ASE 16
Vendor URL: SAP
Bugs: Denial of Service
Reported: 01.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 12.10.2016
Reference: SAP Security Note 2330422
Author: Vahagn Vardanyan (ERPScan)

Description

An attacker can trigger a condition in which the process ceases to run. This condition can be intentionally provoked by an attacker to cause denial of service.

Business risk

An attacker can use a Denial of Service vulnerability to terminate a process of the vulnerable component. For this time, nobody can use this service, which negatively influences on business processes, system downtime, and business reputation as result.