var-201208-0222
Vulnerability from variot

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. NetWeaver ABAP is prone to a denial-of-service vulnerability

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201208-0222",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver",
        "scope": null,
        "trust": 2.1,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.03"
      },
      {
        "model": "netweaver abap",
        "scope": null,
        "trust": 1.2,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.x"
      },
      {
        "model": "netweaver abap null",
        "scope": "eq",
        "trust": 0.4,
        "vendor": "sap",
        "version": "*"
      },
      {
        "model": "netweaver abap sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.03"
      },
      {
        "model": "netweaver abap sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver abap sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "BID",
        "id": "78143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:7.02:sp6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:7.03:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "e6af8de8b1d4b2b6d5ba2610cbf9cd38",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      }
    ],
    "trust": 2.7
  },
  "cve": "CVE-2012-4341",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2012-4341",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "ZDI-12-112",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "ZDI-12-111",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "ZDI-12-104",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": null,
            "accessVector": null,
            "authentication": null,
            "author": "IVD",
            "availabilityImpact": null,
            "baseScore": null,
            "confidentialityImpact": null,
            "exploitabilityScore": null,
            "id": "29348194-1f62-11e6-abef-000c29c66e3d",
            "impactScore": null,
            "integrityImpact": null,
            "severity": null,
            "trust": 0.2,
            "vectorString": null,
            "version": "unknown"
          },
          {
            "accessComplexity": null,
            "accessVector": null,
            "authentication": null,
            "author": "IVD",
            "availabilityImpact": null,
            "baseScore": null,
            "confidentialityImpact": null,
            "exploitabilityScore": null,
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
            "impactScore": null,
            "integrityImpact": null,
            "severity": null,
            "trust": 0.2,
            "vectorString": null,
            "version": "unknown"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-4341",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "ZDI-12-112",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "ZDI-12-111",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "ZDI-12-104",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201208-264",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2012-4341",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. NetWeaver ABAP is prone to a denial-of-service vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "BID",
        "id": "78143"
      },
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      }
    ],
    "trust": 5.31
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-4341",
        "trust": 2.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112",
        "trust": 2.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111",
        "trust": 2.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104",
        "trust": 2.7
      },
      {
        "db": "SECTRACK",
        "id": "1027211",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "49744",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "54229",
        "trust": 1.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1396",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1394",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1395",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "54231",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "78143",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "29348194-1F62-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "29FDB3DE-1F62-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "db": "BID",
        "id": "78143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "id": "VAR-201208-0222",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      }
    ],
    "trust": 1.87111164
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      }
    ]
  },
  "last_update_date": "2024-07-23T22:37:43.393000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAP has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
      },
      {
        "title": "Acknowledgments to Security Researchers",
        "trust": 0.8,
        "url": "http://scn.sap.com/docs/doc-8218"
      },
      {
        "title": "SAP NetWeaver",
        "trust": 0.8,
        "url": "http://www.sap.com/platform/netweaver/businessbenefits/customdevelopment.epx"
      },
      {
        "title": "SAP has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838"
      },
      {
        "title": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 parameter name patch for remote code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/18435"
      },
      {
        "title": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 patch for buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/18434"
      },
      {
        "title": "SAP NetWeaver ABAP Fixes for multiple stack-based buffer errors",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209631"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2012-4341 "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/r3p3r/cve-search "
      },
      {
        "title": "cve-search-src",
        "trust": 0.1,
        "url": "https://github.com/extremenetworks/cve-search-src "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/zien-tf/z_iot_cve-search-api "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/pgurudatta/cve-search "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/cve-search/cve-search "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/dim0niu/cve-search "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/swastik99/cve-search-master "
      },
      {
        "title": "cve",
        "trust": 0.1,
        "url": "https://github.com/zwei2008/cve "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/miradam/cve-search "
      },
      {
        "title": "modified_cve-search",
        "trust": 0.1,
        "url": "https://github.com/hr-cert/modified_cve-search "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/swastik99/cve-search "
      },
      {
        "title": "cve-search-ng",
        "trust": 0.1,
        "url": "https://github.com/cve-search/cve-search-ng "
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
      },
      {
        "trust": 2.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-12-111/"
      },
      {
        "trust": 2.0,
        "url": "https://service.sap.com/sap/support/notes/1649838"
      },
      {
        "trust": 2.0,
        "url": "http://www.securitytracker.com/id?1027211"
      },
      {
        "trust": 2.0,
        "url": "http://scn.sap.com/docs/doc-8218"
      },
      {
        "trust": 2.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-12-104/"
      },
      {
        "trust": 2.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-12-112/"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/49744"
      },
      {
        "trust": 1.3,
        "url": "https://websmp230.sap-ag.de/sap%28bd1lbizjptawmq==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4341"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4341"
      },
      {
        "trust": 0.7,
        "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838"
      },
      {
        "trust": 0.6,
        "url": "http://seclists.org/bugtraq/2012/jun/186"
      },
      {
        "trust": 0.6,
        "url": "http://seclists.org/bugtraq/2012/jun/185"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/54229"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2012-4341"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/78143"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/cve-search/cve-search"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "db": "BID",
        "id": "78143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "db": "BID",
        "id": "78143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-07-02T00:00:00",
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-06-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "date": "2012-06-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "date": "2012-06-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "date": "2012-08-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "date": "2012-08-15T00:00:00",
        "db": "BID",
        "id": "78143"
      },
      {
        "date": "2012-08-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "date": "2012-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "date": "2012-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      },
      {
        "date": "2012-08-15T21:55:05.353000",
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-06-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "date": "2012-06-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "date": "2012-06-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "date": "2022-10-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "date": "2012-08-15T00:00:00",
        "db": "BID",
        "id": "78143"
      },
      {
        "date": "2012-08-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "date": "2022-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      },
      {
        "date": "2023-11-07T02:11:50.587000",
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 Parameter name remote code execution vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.