[ERPSCAN-14-012] SAP NetWeaver Dispatcher Multiple Vulnerabilities – RCE, DoS
Application: SAP NetWeaver Dispatcher
Versions Affected: SAP KERNEL 7.00 32BIT, disp+work.exe (7000.52.12.34966)
Vendor URL: http://www.sap.com
Bugs: Buffer overflow [CWE-119], Integer overflow [CWE-190], Improper Input Validation [CWE-20]
CVSS: AV:N/AC:H/Au:S/C:C/I:C/A:C (7.1)
Vendor response: 02.06.2014
Date of Public Advisory: 21.08.2014
Reference: SAP Security Note 2025931
Author: George Nosenko (ERPScan)
Multiple vulnerabilities have been found in SAP NetWeaver Dispatcher that could allow an authenticated remote attacker to execute arbitrary code or cause a denial of service.
The remote command execution vulnerability can lead to execution of arbitrary commands in SAP NetWeaver Dispatcher without authorization.