SAP : Security Vulnerabilities, CVEs, Published In 2012 (Code Execution)
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
Max CVSS
10.0
EPSS Score
5.67%
Published
2012-08-15
Updated
2022-10-06
CVE-2012-2611
Public exploit
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
Max CVSS
9.3
EPSS Score
95.60%
Published
2012-05-15
Updated
2012-08-19
2 vulnerabilities found