CVE-2024-47586: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

SAP NetWeaver Application Server for ABAP and ABAP Platform contains a vulnerability that allows an unauthenticated attacker to send a maliciously crafted HTTP request which could cause a null pointer dereference in the kernel. The vulnerability affects multiple versions including Krnl64nuc 7.22, 7.22ext, Krnl64uc 7.22, 7.22ext, 7.53, 8.04, and Kernel versions 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 8.04, 9.12, 9.13. This vulnerability was disclosed on November 11, 2024 (NVD, ASEC).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476). When exploited, the null pointer dereference occurs in the kernel when processing the malicious HTTP request. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

When successfully exploited, this vulnerability results in the system crashing and rebooting, causing temporary system unavailability. There is no impact on confidentiality or integrity of the system (NVD).

SAP has released security patches to address this vulnerability. Users are advised to apply the latest security updates available through SAP Note 3504390 (SAP Security, ASEC).