[ERPSCAN-14-011] SAP NetWeaver Dispatcher Buffer Overflow – RCE, DoS
Application: SAP NetWeaver Dispatcher
- SAP KERNEL 7.00 32BIT, disp+work.exe (7000.52.12.34966)
- SAP KERNEL 7.20 64BIT, disp+work.exe (7126.96.36.199294)
Bugs: Buffer overflow [CWE-119]
CVSS according to ERPScan: AV:N/AC:H/Au:S/C:C/I:C/A:C (7.1)
CVSS according to SAP: AV:N/AC:M/AU:S/C:N/I:N/A:C (6.3)
Vendor response: 14.05.2014
Date of Public Advisory: 21.08.2014
Reference: SAP Security Note 2018221
Author: George Nosenko (ERPScan)
A vulnerability has been found in SAP NetWeaver Dispatcher that could allow an authenticated remote attacker to execute arbitrary code or lead to denial of service.
The remote command execution vulnerability can lead to remote execution of arbitrary commands in SAP NetWeaver Dispatcher without authorization.
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: