Описание
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:netweaver:7.01:sr1:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.02:sp06:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.30:sp04:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:2004s:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.68888
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-120
Связанные уязвимости
github
больше 3 лет назад
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
EPSS
Процентиль: 99%
0.68888
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-120