CVE-2013-1593

Published: Jan 23, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.

Affected (4)

Products: Sap: Netweaver

Sap

1 product

Netweaver

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver	Version 2004s
Sap Netweaver	Version 7.01 sr1
Sap Netweaver	Version 7.02 sp06
Sap Netweaver	Version 7.30 sp04

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (10)

http://www.securityfocus.com/bid/57956

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1028148

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/82065

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://packetstormsecurity.com/files/cve/CVE-2013-1593

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.securityfocus.com/bid/57956