CVE-2014-0995

Name: CVE-2014-0995
Creator: NVD / NIST
Published: 2014-11-06T15:55:06.99+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 9.67%

Last modified Jun 17, 2026

CVE-2014-0995 is a vulnerability of currently unknown severity. The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.. EPSS estimates a 9.67% chance of exploitation in the next 30 days.

Description

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

Metrics

EPSS Probability

9.67%

94.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Sap	Netweaver	<= 7.01
Sap	Netweaver	7.20

References

http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/Third Party Advisory
http://packetstormsecurity.com/files/128726/SAP-Netweaver-Enqueue-Server-Trace-Pattern-Denial-Of-Service.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2014/Oct/76Exploit, Mailing List, Third Party Advisory
http://secunia.com/advisories/60950Third Party Advisory
http://www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerabilityExploit, Third Party Advisory
http://www.securityfocus.com/archive/1/533719/100/0/threadedThird Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/97610Third Party Advisory, VDB Entry
https://twitter.com/SAP_Gsupport/status/522750365780160513Broken Link
http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/Third Party Advisory
http://packetstormsecurity.com/files/128726/SAP-Netweaver-Enqueue-Server-Trace-Pattern-Denial-Of-Service.htmlExploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2014/Oct/76Exploit, Mailing List, Third Party Advisory
http://secunia.com/advisories/60950Third Party Advisory
http://www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerabilityExploit, Third Party Advisory
http://www.securityfocus.com/archive/1/533719/100/0/threadedThird Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/97610Third Party Advisory, VDB Entry
https://twitter.com/SAP_Gsupport/status/522750365780160513Broken Link

Timeline

Published: Nov 6, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-0995?

How severe is CVE-2014-0995?

Severity scoring for CVE-2014-0995 is pending analysis. The EPSS model estimates a 9.67% probability of exploitation in the next 30 days.

How do I fix CVE-2014-0995?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-0995?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST