Core Security Technologies Advisory – A vulnerability has been found in SAP Netweaver that could allow an unauthenticated, remote attacker to create denial of service conditions. The vulnerability is triggered by sending a specially crafted SAP Enqueue Server packet to remote TCP port 32NN (NN being the SAP system number) of a host running the “Standalone Enqueue Server” service, part of SAP Netweaver Application Server ABAP/Java. The “Standalone Enqueue Server” is a critical component of a SAP Netweaver installation in terms of availability, rendering the whole SAP system unresponsive.