Lucene search

[email protected]CVE-2013-1592

HistoryJan 23, 2020 - 7:15 p.m.

CVE-2013-1592

2020-01-2319:15:11

CWE-120

[email protected]

web.nvd.nist.gov

104

cve-2013-1592

buffer overflow

sap

netweaver

message server

remote attack

arbitrary code execuion.

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.919 High

EPSS

Percentile

98.9%

JSON

A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.

Affected configurations

NVD

Node

sapnetweaverMatch7.01sr1

sapnetweaverMatch7.02sp06

sapnetweaverMatch7.30sp04

sapnetweaverMatch2004s

CPENameOperatorVersion
sap:netweaversap netweavereq7.01
sap:netweaversap netweavereq7.02
sap:netweaversap netweavereq7.30
sap:netweaversap netweavereq2004s