Lucene search

MitreCVE-2014-6252

HistorySep 05, 2014 - 2:55 p.m.

CVE-2014-6252

2014-09-0514:55:05

CWE-119

mitre

web.nvd.nist.gov

cve-2014-6252

buffer overflow

sap

netweaver

dispatcher

denial of service

arbitrary code

nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.013

Percentile

86.1%

JSON

Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.

Affected configurations

Nvd

Node

sapnetweaverMatch7.0

sapnetweaverMatch7.20

VendorProductVersionCPE
sapnetweaver7.0cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*
sapnetweaver7.20cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver	7.0	cpe:2.3:a:sap:netweaver:7.0:::::::*
sap	netweaver	7.20	cpe:2.3:a:sap:netweaver:7.20:::::::*

References

scn.sap.com/docs/DOC-8218

secunia.com/advisories/60496

erpscan.io/advisories/erpscan-14-011-sap-netweaver-dispatcher-buffer-overflow-rce-dos/

exchange.xforce.ibmcloud.com/vulnerabilities/96196

service.sap.com/sap/support/notes/2018221

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.013

Percentile

86.1%

JSON

Related for CVE-2014-6252