PatchSiren

CVE-2016-10079 SAP CVE debrief

CVE-2016-10079 is a network-reachable denial-of-service issue in SAP SAPlpd on Windows. According to NVD, sending a long string to TCP port 515 can crash the service, affecting SAP GUI 7.40 deployments with SAPlpd through version 7400.3.11.33. The issue is rated HIGH because it is reachable over the network and does not require authentication or user interaction, but the documented impact is availability only.

Vendor: SAP
Product: CVE-2016-10079
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-01
Original CVE updated: 2026-05-13
Advisory published: 2017-02-01
Advisory updated: 2026-05-13

Who should care

Organizations running SAP GUI 7.40 on Windows with the SAPlpd service enabled, especially where TCP port 515 is exposed internally or externally. Administrators responsible for printing, spool, or related SAP workstation services should treat this as an availability risk.

Technical summary

NVD maps this vulnerability to SAP SAPlpd versions through 7400.3.11.33 and classifies it as CWE-20 (Improper Input Validation). The CVSS 3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, reflecting a remotely triggerable crash condition that impacts service availability but not confidentiality or integrity in the published assessment.

Defensive priority

High. The issue is easy to reach over the network, requires no privileges, and can cause a service crash. Even though the impact is limited to availability, any exposed TCP 515 service can become an operational disruption point.

Recommended defensive actions

  • Inventory SAP GUI 7.40 systems and confirm whether SAPlpd is present and exposed on TCP port 515.
  • Upgrade or replace affected SAPlpd instances beyond version 7400.3.11.33, following SAP’s current security guidance for the product.
  • Restrict access to TCP port 515 with network controls so only trusted hosts can reach the service.
  • Disable SAPlpd on systems that do not require it.
  • Monitor for unexpected SAPlpd crashes or repeated restarts and review host and service logs for signs of probing.
  • If you cannot immediately update, place compensating controls around the affected Windows hosts and segment them from untrusted networks.
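
One way to combine the inventory and crash-monitoring actions above into a fleet triage pass, as an added example that is not part of the NVD record or any SAP tooling. It assumes a hypothetical inventory export of (host, SAPlpd version, whether TCP 515 is listening) and exported Windows crash events (IDs 1000, 7031, 7034) whose messages mention saplpd; hostnames, versions and messages in the sample data are constructed.

```python
from datetime import datetime, timedelta

LAST_AFFECTED = (7400, 3, 11, 33)   # versionEndIncluding from the NVD record
CRASH_IDS = {1000, 7031, 7034}      # Application Error / SCM "terminated unexpectedly"

def is_affected(version):
    """True if version <= 7400.3.11.33; unparseable versions count as affected."""
    try:
        parts = tuple(int(p) for p in version.strip().split("."))
    except (ValueError, AttributeError):
        return True
    return len(parts) != 4 or parts <= LAST_AFFECTED

def crash_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Hosts with at least `threshold` SAPlpd crash events inside one window."""
    by_host = {}
    for ts, host, event_id, message in events:
        if event_id in CRASH_IDS and "saplpd" in message.lower():
            by_host.setdefault(host, []).append(datetime.fromisoformat(ts))
    flagged = set()
    for host, times in by_host.items():
        times.sort()
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            flagged.add(host)
    return flagged

def triage(inventory, events):
    """Map host -> action from version, port 515 exposure and crash bursts."""
    bursts = crash_bursts(events)
    result = {}
    for host, version, listening_515 in inventory:
        exposed = listening_515 and is_affected(version)
        if exposed and host in bursts:
            result[host] = "investigate"      # exposed and crashing repeatedly
        elif exposed:
            result[host] = "remediate"        # upgrade, restrict 515, or disable
        else:
            result[host] = "review-crashes" if host in bursts else "low"
    return result

# Constructed sample data (illustrative only, not real hosts or SAP release numbers)
INVENTORY = [("ws-print-01", "7400.3.11.33", True), ("ws-print-02", "7400.3.11.34", True),
             ("ws-fin-07", "7400.2.9.1", False), ("ws-lab-03", "unknown", True)]
EVENTS = [("2024-03-04T09:00:05", "ws-print-01", 7034, "The SAPLPD service terminated unexpectedly."),
          ("2024-03-04T09:02:40", "ws-print-01", 1000, "Faulting application name: saplpd.exe"),
          ("2024-03-04T09:06:11", "ws-print-01", 7034, "The SAPLPD service terminated unexpectedly."),
          ("2024-03-04T11:15:00", "ws-lab-03", 7034, "The SAPLPD service terminated unexpectedly.")]

if __name__ == "__main__":
    for host, action in triage(INVENTORY, EVENTS).items():
        print(f"{host}: {action}")
```

The burst threshold and window are tuning assumptions; a host whose version cannot be parsed is deliberately treated as affected so it gets reviewed rather than skipped.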

Evidence notes

The supplied official NVD record states: affected CPE cpe:2.3:a:sap:saplpd:*:*:*:*:*:*:*:* with versionEndIncluding 7400.3.11.33; vulnerability description: SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a denial-of-service vulnerability (service crash) with a long string to TCP port 515. NVD also lists CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and CWE-20. A third-party reference to Exploit-DB is present in the source data, but no exploit details are relied on here.

Official resources

CVE published on 2017-02-01. The supplied source record was last modified on 2026-05-13; that later date reflects record updates, not the original vulnerability disclosure date.