Описание
Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.
Ссылки
- PatchUS Government Resource
- PatchVendor Advisory
- PatchUS Government Resource
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.10 (включая)
Одно из
cpe:2.3:a:sap:sapgui:*:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapgui:*:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6:*:windows:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6a:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6a:*:windows:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6b:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6b:*:windows:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6c:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6c:*:windows:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6d:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapgui:4.6d:*:windows:*:*:*:*:*
cpe:2.3:a:sap:sapgui:6.40:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.68002
Средний
9.3 Critical
CVSS2
Дефекты
CWE-119
Связанные уязвимости
github
почти 4 года назад
Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method.
EPSS
Процентиль: 99%
0.68002
Средний
9.3 Critical
CVSS2
Дефекты
CWE-119