| CVE ID | |
| CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
SAP |
| AFFECTED PRODUCTS |
NetWeaver |
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['10656']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Composition Environment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sapstartsrv.exe process which listens by default on ports 50013 and 50113. A malformed SOAP request (via POST) can be used to reach an unbounded copy loop which results in attacker-supplied data being written into existing function pointers. It is possible for a remote attacker to leverage this vulnerability to execute arbitrary code. |
| ADDITIONAL DETAILS |
A solution was provided via SAP note 1414444 |
| DISCLOSURE TIMELINE |
|
| CREDIT | AbdulAziz Hariri |
