Lucene search

[email protected]CVE-2014-6252

HistorySep 05, 2014 - 2:55 p.m.

CVE-2014-6252

2014-09-0514:55:05

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-6252

buffer overflow

sap

netweaver

dispatcher

denial of service

arbitrary code

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.1%

JSON

Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.

Affected configurations

NVD

Node

sapnetweaverMatch7.0

sapnetweaverMatch7.20

CPENameOperatorVersion
sap:netweaversap netweavereq7.0
sap:netweaversap netweavereq7.20

CPE	Name	Operator	Version
sap:netweaver	sap netweaver	eq	7.0
sap:netweaver	sap netweaver	eq	7.20

References

scn.sap.com/docs/DOC-8218

secunia.com/advisories/60496

erpscan.io/advisories/erpscan-14-011-sap-netweaver-dispatcher-buffer-overflow-rce-dos/

exchange.xforce.ibmcloud.com/vulnerabilities/96196

service.sap.com/sap/support/notes/2018221

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.1%

JSON

Related for CVE-2014-6252

nvd1 prion1 cvelist1