CVE-2012-2514

SAP NetWeaver 7.0 EHP1-EHP2 - DoS

Title source: llm

Description

The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

Exploits (2)

exploitdb WORKING POC

doswindows

https://www.exploit-db.com/exploits/18853

View Code ZIP pw:eip

exploitdb WORKING POC

pythondosmultiple

https://www.exploit-db.com/exploits/20705

View Code ZIP pw:eip

References (5)

[Various Sources] http://scn.sap.com/docs/DOC-8218

[Exploit] http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75456

[Various Sources] https://service.sap.com/sap/support/notes/1687910

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027052

Scores

EPSS 0.3611

EPSS Percentile 97.1%

Details

CWE

CWE-119

Status published

Products (1)

sap/netweaver 7.0 ehp1 (2 CPE variants)

Published May 15, 2012

Tracked Since Feb 18, 2026