CVE-2017-9844

Published: Jul 12, 2017

Modified: May 1, 2025

PUBLISHED

Description

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer deserializes a malicious object that may cause legitimate users accessing a service, either by crashing or flooding the service.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

96865

vdb-entry

https://erpscan.io/advisories/erpscan-17-014-sap-netweaver-java-deserialization-untrusted-user-value-metadatauploader/

https://me.sap.com/notes/2399804

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-9844

Description

Affected Products

References