History: May 15, 2012 - 4:21 a.m.

CVE-2012-2611

2012-05-15 04:21:43
CWE-20
web.nvd.nist.gov
30
cve-2012-2611
diagtracer3info
dialog processor
disp+work.exe
sap netweaver
remote attackers
arbitrary code
crafted sap diag packet

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 9.4 High
Confidence: High

EPSS: 0.95 High
Percentile: 99.3%

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.

Affected configurations

NVD
Node
sap netweaver Match 7.0 ehp1
OR
sap netweaver Match 7.0 ehp2

CPE | Name | Operator | Version
sap:netweaver | sap netweaver | eq | 7.0
