CVE-2012-2513

Name of the Vulnerable Software and Affected Versions SAP NetWeaver versions 7.0 EHP1 and 7.0 EHP2

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a crafted SAP Diag packet. This is due to a problem in the Diaginput function in disp+work.exe.

Recommendations For SAP NetWeaver version 7.0 EHP1, consider restricting access to the Diaginput function in disp+work.exe to minimize the risk of exploitation. For SAP NetWeaver version 7.0 EHP2, consider restricting access to the Diaginput function in disp+work.exe to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.