SAP NetWeaver ABAP App Server DDoS/Crash Vulnerability
CVE-2024-30218 Published on April 9, 2024

Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.

NVD

Vulnerability Analysis

CVE-2024-30218 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

Multiple Binds to the Same Port

When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed. On most systems, a combination of setting the SO_REUSEADDR socket option, and a call to bind() allows any process to bind to a port to which a previous process has bound with INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port, and steal its UDP packets/TCP connection.


Products Associated with CVE-2024-30218

Want to know whenever a new CVE is published for SAP NetWeaver? stack.watch will email you.

SAP NetWeaver
 

Affected Versions

SAP_SE SAP NetWeaver AS ABAP and ABAP Platform:

Exploit Probability

EPSS
0.22%
Percentile
44.26%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.