High severity (7.5) · NVD Advisory · Published Jul 12, 2017 · Updated Jun 17, 2026
CVE-2017-9844
Description
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer deserializes a malicious object that may cause legitimate users accessing a service, either by crashing or flooding the service.
References
- www.securityfocus.com/bid/96865 (NVD: Third Party Advisory, VDB Entry)
- erpscan.io/advisories/erpscan-17-014-sap-netweaver-java-deserialization-untrusted-user-value-metadatauploader/ (NVD: Broken Link)
- me.sap.com/notes/2399804 (NVD: Permissions Required)