PT-2020-7353 · SAP · SAP NetWeaver
Published: 2020-01-23 · Updated: 2020-01-31
CVE-2013-1593
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions:
SAP NetWeaver versions 2004s, 7.01 SR1, 7.02 SP06, 7.30 SP04
Description:
A denial-of-service issue exists in the WRITE_C function of the msg_server.exe module. It is triggered when a crafted SAP Message Server packet is sent to TCP ports 36NN and/or 39NN.
Recommendations:
For SAP NetWeaver version 2004s, update to a version that includes a fix for this issue.
For SAP NetWeaver version 7.01 SR1, update to a version that includes a fix for this issue.
For SAP NetWeaver version 7.02 SP06, update to a version that includes a fix for this issue.
For SAP NetWeaver version 7.30 SP04, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to TCP ports 36NN and 39NN to minimize the risk of exploitation.
Exploit
Fix
DoS
Improper Validation of Array Index
Weakness Enumeration
Related Identifiers
Affected Products
SAP NetWeaver