PRIOn knowledge basePRION:CVE-2013-1592

HistoryJan 23, 2020 - 7:15 p.m.

Buffer overflow

2020-01-2319:15:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

0.919 High

EPSS

Percentile

98.9%

JSON

A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.

CPENameOperatorVersion
netweavereq2004.0.115
netweavereq7.1 sr1
netweavereq7.2 sp6
netweavereq7.30 sp4

Name	Operator	Version
netweaver	eq	2004.0.115
netweaver	eq	7.1 sr1
netweaver	eq	7.2 sp6
netweaver	eq	7.30 sp4

References

www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities

www.securityfocus.com/bid/57956

www.securitytracker.com/id/1028148

exchange.xforce.ibmcloud.com/vulnerabilities/82064

packetstormsecurity.com/files/cve/CVE-2013-1592

www.exploit-db.com/exploits/24511