Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2612Improper Restriction of Operations within the Bounds of a Memory Buffer in SAP Netweaver

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
36.1%
top 2.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SAP Netweaver
Timeline
PublishedMay 15
Latest updateMay 14

Description

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDsap/netweaver7.0

🔴Vulnerability Details

2
GHSA
GHSA-jvvg-vxw3-4c2h: The DiagTraceHex function in disp+work2022-05-14
CVEList
CVE-2012-2612: The DiagTraceHex function in disp+work2012-05-15

💥Exploits & PoCs

2
Exploit-DB
SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities2012-08-21
Exploit-DB
SAP NetWeaver Dispatcher - Multiple Vulnerabilities2012-05-09
CVE-2012-2612 — SAP Netweaver vulnerability | cvebase