CVE-2017-9844

Severity CVSS v4.0:
Pending analysis
Type:
CWE-502 Deserialization of Untrusted Dat
Publication date:
12/07/2017
Last modified:
02/05/2025

Description

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer deserializes a malicious object that may cause legitimate users accessing a service, either by crashing or flooding the service.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:sap:netweaver:7400.12.21.30308:*:*:*:*:*:*:*