CVE-2013-1593 β€” Improper Validation of Array Index in SAP Netweaver

CWE-129 β€” Improper Validation of Array Index4 documents4 sources
Severity
7.5HIGHNVD
EPSS
2.7%
top 14.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Netweaver
Timeline
PublishedJan 23
Latest updateMay 5

Description

A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

β–ΆNVDsap/netweaver4 versions+3

πŸ”΄Vulnerability Details

2
GHSA
GHSA-r998-rjwj-vqxg: A Denial of Service vulnerability exists in the WRITE_C function in the msg_server↗2022-05-05
β–Ά
CVEList
CVE-2013-1593: A Denial of Service vulnerability exists in the WRITE_C function in the msg_server↗2020-01-23
β–Ά

πŸ’₯Exploits & PoCs

1
Exploit-DB
SAP NetWeaver Message Server - Multiple Vulnerabilities↗2013-02-17
β–Ά
CVE-2013-1593 β€” Improper Validation of Array Index | cvebase