CVE-2012-2611

SAP NetWeaver <7.0 EHP2 - RCE

Title source: llm

Description

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/21034

View Code ZIP pw:eip

exploitdb WORKING POC

doswindows

https://www.exploit-db.com/exploits/18853

View Code ZIP pw:eip

exploitdb WORKING POC

pythondosmultiple

https://www.exploit-db.com/exploits/20705

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Martin Gallo, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/sap_netweaver_dispatcher.rb

View Code ZIP pw:eip

References (4)

[Various Sources] http://scn.sap.com/docs/DOC-8218

[Exploit] http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities

[Various Sources] https://service.sap.com/sap/support/notes/1687910

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027052

Scores

EPSS 0.7766

EPSS Percentile 99.0%

Details

CWE

CWE-20

Status published

Products (1)

sap/netweaver 7.0 ehp1 (2 CPE variants)

Published May 15, 2012

Tracked Since Feb 18, 2026