Vulnerability Details : CVE-2013-1592
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2013-1592
- cpe:2.3:a:sap:netweaver:7.01:sr1:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver:7.02:sp06:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver:7.30:sp04:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver:2004s:*:*:*:*:*:*:*
Threat overview for CVE-2013-1592
Top open port discovered on systems with this issue: 8000
IPs affected by CVE-2013-1592: 457
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2013-1592
- 91.93%: probability of exploitation activity in the next 30 days
- ~99%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1592
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2013-1592
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1592
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82064
  SAP NetWeaver msg_server.exe code execution CVE-2013-1592 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1028148
  SAP NetWeaver Message Server Service Lets Remote Users Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.exploit-db.com/exploits/24511
  SAP NetWeaver Message Server - Multiple Vulnerabilities - Windows dos Exploit (Exploit; Third Party Advisory; VDB Entry)
- https://packetstormsecurity.com/files/cve/CVE-2013-1592
  CVE-2013-1592 ≈ Packet Storm (Third Party Advisory; VDB Entry)
- http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities
  SAP Netweaver Message Server Multiple Vulnerabilities | CoreLabs Advisories (Exploit; Third Party Advisory)
- http://www.securityfocus.com/bid/57956
  SAP NetWeaver 'msg_server.exe' Remote Code Execution and Denial of Service Vulnerabilities (Third Party Advisory; VDB Entry)