Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2512 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer in SAP Netweaver

CWE-119 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
36.1%
top 2.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SAP Netweaver
Timeline
PublishedMay 15
Latest updateMay 17

Description

The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

β–ΆNVDsap/netweaver7.0

πŸ”΄Vulnerability Details

2
GHSA
GHSA-5225-89r9-8698: The DiagTraceStreamI function in disp+work↗2022-05-17
β–Ά
CVEList
CVE-2012-2512: The DiagTraceStreamI function in disp+work↗2012-05-15
β–Ά

πŸ’₯Exploits & PoCs

2
Exploit-DB
SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities↗2012-08-21
β–Ά
Exploit-DB
SAP NetWeaver Dispatcher - Multiple Vulnerabilities↗2012-05-09
β–Ά
CVE-2012-2512 β€” SAP Netweaver vulnerability | cvebase