CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-27632 – SAP NetWeaver ABAP Enqueue Memory Corruption
https://notcve.org/view.php?id=CVE-2021-27632
09 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In ... • https://launchpad.support.sap.com/#/notes/3020104 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-27633 – SAP NetWeaver ABAP Gateway Memory Corruption
https://notcve.org/view.php?id=CVE-2021-27633
09 Jun 2021 — SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, ... • https://launchpad.support.sap.com/#/notes/3020209 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-27634 – SAP NetWeaver ABAP Gateway Memory Corruption
https://notcve.org/view.php?id=CVE-2021-27634
09 Jun 2021 — SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable. In this... • https://launchpad.support.sap.com/#/notes/3020209 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 68%CPEs: 4EXPL: 4CVE-2013-1592 – SAP NetWeaver Message Server - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1592
15 Feb 2013 — A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de Desbordamiento de Búfer en la función _MsJ2EE_AddStatistics() del servicio Message Server cuando se envían paquetes de SAP Message Server especialmente diseñ... • https://packetstorm.news/files/id/120350 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 2CVE-2013-1593 – SAP Netweaver Message Server Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-1593
15 Feb 2013 — A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. Se presenta una vulnerabilidad de Denegación de Servicio en la función WRITE_C en el módulo msg_server.exe en SAP NetWeaver 2004s, versiones 7.01 SR1, 7.02 SP06 y 7.30 SP04, cuando se envía un paquete de SAP Message Server diseñado hacia los puertos TCP 36NN y/o 39NN. Core Secur... • https://packetstorm.news/files/id/120350 • CWE-129: Improper Validation of Array Index •