CVE-2013-1593

Exploit

EPSS 2.66%
Published 23.01.2020 20:15:11
Last modified 21.11.2024 01:49:57
Source cve@mitre.org
Teams watchlist Login
Open Login

A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Netweaver Version7.01 Updatesr1

SAP ≫ Netweaver Version7.02 Updatesp06

SAP ≫ Netweaver Version7.30 Updatesp04

SAP ≫ Netweaver Version2004s

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.66%	0.844

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

http://www.securityfocus.com/bid/57956

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1028148

Third Party Advisory

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/82065

Third Party Advisory

VDB Entry

https://packetstormsecurity.com/files/cve/CVE-2013-1593

Third Party Advisory

VDB Entry