VAR-201208-0222

Vulnerability from variot - Updated: 2024-07-23 22:37

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within msg_server.exe, which listens on port 3900 by default. When msg_server parses a message with opcode 0x43 and sub-opcode 0x04, it uses a user-supplied size field to copy a string into a fixed-size stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. SAP NetWeaver has a defect in its handling of messages with opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens on port 3900 by default. This can result in arbitrary code execution. NetWeaver ABAP is prone to a denial-of-service vulnerability.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201208-0222",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver",
        "scope": null,
        "trust": 2.1,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "sap",
        "version": "7.03"
      },
      {
        "model": "netweaver abap",
        "scope": null,
        "trust": 1.2,
        "vendor": "sap",
        "version": null
      },
      {
        "model": "netweaver abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.x"
      },
      {
        "model": "netweaver abap null",
        "scope": "eq",
        "trust": 0.4,
        "vendor": "sap",
        "version": "*"
      },
      {
        "model": "netweaver abap sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.03"
      },
      {
        "model": "netweaver abap sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.02"
      },
      {
        "model": "netweaver abap sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "BID",
        "id": "78143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:7.02:sp6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_abap:7.03:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "e6af8de8b1d4b2b6d5ba2610cbf9cd38",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      }
    ],
    "trust": 2.7
  },
  "cve": "CVE-2012-4341",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2012-4341",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "ZDI-12-112",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "ZDI-12-111",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "ZDI-12-104",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": null,
            "accessVector": null,
            "authentication": null,
            "author": "IVD",
            "availabilityImpact": null,
            "baseScore": null,
            "confidentialityImpact": null,
            "exploitabilityScore": null,
            "id": "29348194-1f62-11e6-abef-000c29c66e3d",
            "impactScore": null,
            "integrityImpact": null,
            "severity": null,
            "trust": 0.2,
            "vectorString": null,
            "version": "unknown"
          },
          {
            "accessComplexity": null,
            "accessVector": null,
            "authentication": null,
            "author": "IVD",
            "availabilityImpact": null,
            "baseScore": null,
            "confidentialityImpact": null,
            "exploitabilityScore": null,
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
            "impactScore": null,
            "integrityImpact": null,
            "severity": null,
            "trust": 0.2,
            "vectorString": null,
            "version": "unknown"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-4341",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "ZDI-12-112",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "ZDI-12-111",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "ZDI-12-104",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201208-264",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "29348194-1f62-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2012-4341",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. NetWeaver ABAP is prone to a denial-of-service vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "BID",
        "id": "78143"
      },
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      }
    ],
    "trust": 5.31
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-4341",
        "trust": 2.8
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112",
        "trust": 2.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111",
        "trust": 2.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104",
        "trust": 2.7
      },
      {
        "db": "SECTRACK",
        "id": "1027211",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "49744",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "54229",
        "trust": 1.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1396",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1394",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1395",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "54231",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "78143",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "29348194-1F62-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "29FDB3DE-1F62-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "db": "BID",
        "id": "78143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "id": "VAR-201208-0222",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      }
    ],
    "trust": 1.87111164
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      }
    ]
  },
  "last_update_date": "2024-07-23T22:37:43.393000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAP has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
      },
      {
        "title": "Acknowledgments to Security Researchers",
        "trust": 0.8,
        "url": "http://scn.sap.com/docs/doc-8218"
      },
      {
        "title": "SAP NetWeaver",
        "trust": 0.8,
        "url": "http://www.sap.com/platform/netweaver/businessbenefits/customdevelopment.epx"
      },
      {
        "title": "SAP has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838"
      },
      {
        "title": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 parameter name patch for remote code execution vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/18435"
      },
      {
        "title": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 patch for buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/18434"
      },
      {
        "title": "SAP NetWeaver ABAP Fixes for multiple stack-based buffer errors",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209631"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2012-4341 "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/r3p3r/cve-search "
      },
      {
        "title": "cve-search-src",
        "trust": 0.1,
        "url": "https://github.com/extremenetworks/cve-search-src "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/zien-tf/z_iot_cve-search-api "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/pgurudatta/cve-search "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/cve-search/cve-search "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/dim0niu/cve-search "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/swastik99/cve-search-master "
      },
      {
        "title": "cve",
        "trust": 0.1,
        "url": "https://github.com/zwei2008/cve "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/miradam/cve-search "
      },
      {
        "title": "modified_cve-search",
        "trust": 0.1,
        "url": "https://github.com/hr-cert/modified_cve-search "
      },
      {
        "title": "cve-search",
        "trust": 0.1,
        "url": "https://github.com/swastik99/cve-search "
      },
      {
        "title": "cve-search-ng",
        "trust": 0.1,
        "url": "https://github.com/cve-search/cve-search-ng "
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
      },
      {
        "trust": 2.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-12-111/"
      },
      {
        "trust": 2.0,
        "url": "https://service.sap.com/sap/support/notes/1649838"
      },
      {
        "trust": 2.0,
        "url": "http://www.securitytracker.com/id?1027211"
      },
      {
        "trust": 2.0,
        "url": "http://scn.sap.com/docs/doc-8218"
      },
      {
        "trust": 2.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-12-104/"
      },
      {
        "trust": 2.0,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-12-112/"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/49744"
      },
      {
        "trust": 1.3,
        "url": "https://websmp230.sap-ag.de/sap%28bd1lbizjptawmq==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4341"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4341"
      },
      {
        "trust": 0.7,
        "url": "https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838"
      },
      {
        "trust": 0.6,
        "url": "http://seclists.org/bugtraq/2012/jun/186"
      },
      {
        "trust": 0.6,
        "url": "http://seclists.org/bugtraq/2012/jun/185"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/54229"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2012-4341"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/78143"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/cve-search/cve-search"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "db": "BID",
        "id": "78143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "db": "BID",
        "id": "78143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-07-02T00:00:00",
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "IVD",
        "id": "29fdb3de-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-06-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "date": "2012-06-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "date": "2012-06-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "date": "2012-08-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "date": "2012-08-15T00:00:00",
        "db": "BID",
        "id": "78143"
      },
      {
        "date": "2012-08-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "date": "2012-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "date": "2012-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      },
      {
        "date": "2012-08-15T21:55:05.353000",
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-06-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-112"
      },
      {
        "date": "2012-06-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-111"
      },
      {
        "date": "2012-06-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-104"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-3433"
      },
      {
        "date": "2022-10-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-4341"
      },
      {
        "date": "2012-08-15T00:00:00",
        "db": "BID",
        "id": "78143"
      },
      {
        "date": "2012-08-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003710"
      },
      {
        "date": "2022-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "date": "2012-07-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      },
      {
        "date": "2023-11-07T02:11:50.587000",
        "db": "NVD",
        "id": "CVE-2012-4341"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-539"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP Netweaver ABAP \u0027msg_server.exe\u0027 Parameter name remote code execution vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "29348194-1f62-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-3434"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201208-264"
      }
    ],
    "trust": 0.6
  }
}







Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

