Published: 23/01/2020 Updated: 31/01/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap netweaver 7.01
sap netweaver 7.02
sap netweaver 7.30
sap netweaver 2004s

1 *Advisory Information* Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: wwwcoresecuritycom/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update: 2013-02-13 Vendors contacted: SAP Release mode: Coordinated release 2 *Vulnerability ...

Core Security Technologies Advisory - Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated remote attacker to execute arbitrary code and lead to denial of service conditions The vulnerabilities are triggered sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN (being NN ...

CWE-120 http://www.securityfocus.com/bid/57956 https://packetstormsecurity.com/files/cve/CVE-2013-1592 http://www.exploit-db.com/exploits/24511 https://exchange.xforce.ibmcloud.com/vulnerabilities/82064 http://www.securitytracker.com/id/1028148 http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities https://nvd.nist.gov https://www.exploit-db.com/exploits/24511/

CVE-2013-1592

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect