Lucene search

[email protected]CVE-2015-2815

HistoryApr 01, 2015 - 2:59 p.m.

CVE-2015-2815

2015-04-0114:59:13

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-2815

buffer overflow

c_sapgparam

sap kernel

remote authenticated users

denial of service

arbitrary code execution

sap security note

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.1%

JSON

Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.

Affected configurations

NVD

Node

sapnetweaverMatch7.0

sapnetweaverMatch7.40

CPENameOperatorVersion
sap:netweaversap netweavereq7.0
sap:netweaversap netweavereq7.40

CPE	Name	Operator	Version
sap:netweaver	sap netweaver	eq	7.0
sap:netweaver	sap netweaver	eq	7.40

References

packetstormsecurity.com/files/132353/SAP-NetWeaver-Dispatcher-Buffer-Overflow.html

seclists.org/fulldisclosure/2015/Jun/61

www.securityfocus.com/archive/1/535825/100/800/threaded

www.securityfocus.com/bid/73897

erpscan.io/advisories/erpscan-15-003-sapkernel-c_sapgparam-rce-dos/

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.1%

JSON

Related for CVE-2015-2815

nvd1 erpscan1 securityvulns2 prion1 cvelist1 kaspersky1