Published: 15/05/2012 Updated: 19/08/2012

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 945

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote malicious users to execute arbitrary code via a crafted SAP Diag packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap netweaver 7.0

1 Advisory Information Title: SAP Netweaver Dispatcher Multiple Vulnerabilities Advisory ID: CORE-2012-0123 Advisory URL: wwwcoresecuritycom/content/sap-netweaver-dispatcher-multiple-vulnerabilities Date published: 2012-05-08 Date of last update: 2012-05-10 Vendors contacted: SAP Release mode: Coordinated release 2 Vulnerability Informa ...

Core Security - Corelabs Advisory corelabscoresecuritycom/ SAP Netweaver Dispatcher Multiple Vulnerabilities 1 *Advisory Information* Title: SAP Netweaver Dispatcher Multiple Vulnerabilities Advisory ID: CORE-2012-0123 Advisory URL: wwwcoresecuritycom/content/sap-netweaver-dispatcher-multiple-vulnerabilities Date published: 2 ...

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::R ...

Training course materials and notes related to SAP security audit and penetration testing

SAP security audit and penetration testing Training course materials and research notes that I created to teach how to perform a technical security audit and penetration test of SAP (hosted on-premises) Table of contents 0 Useful tools and resources 1 SAP security controls and configuration hardening review 2 How to get unauthorized access to SAP tables and data using SAP

CWE-20 https://service.sap.com/sap/support/notes/1687910 http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities http://scn.sap.com/docs/DOC-8218 http://www.securitytracker.com/id?1027052 https://nvd.nist.gov https://github.com/Jean-Francois-C/SAP-Security-Audit https://www.exploit-db.com/exploits/20705/

CVE-2012-2611

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect