Описание
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:netweaver_abap:7.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:7.02:sp6:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_abap:7.03:sp4:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.17331
Средний
10 Critical
CVSS2
Дефекты
CWE-119
Связанные уязвимости
github
больше 3 лет назад
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
EPSS
Процентиль: 95%
0.17331
Средний
10 Critical
CVSS2
Дефекты
CWE-119