PT-2020-7352 · SAP · SAP NetWeaver
Francisco Falcon +1 · Published 2020-01-23 · Updated 2020-01-31 · CVE-2013-1592
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
SAP NetWeaver versions 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04
Description:
A buffer overflow exists in the _MsJ2EE_AddStatistics() function of the Message Server service, triggered when it processes specially crafted SAP Message Server packets sent to remote TCP ports. A remote malicious user could exploit it to execute arbitrary code.
Recommendations:
For SAP NetWeaver version 2004s, update to a version that includes the fix for this issue.
For SAP NetWeaver version 7.01 SR1, update to a version that includes the fix for this issue.
For SAP NetWeaver version 7.02 SP06, update to a version that includes the fix for this issue.
For SAP NetWeaver version 7.30 SP04, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the _MsJ2EE_AddStatistics() function in the Message Server service until a patch is available.
Exploit · Fix · RCE · Buffer Overflow
Affected Products
SAP NetWeaver