SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSap Netweaver
APPSap7.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDoS
Powiązane podatności
CVE-2025-42999CRITICAL9.1⚠ KEVPL ✓ten sam produkt
SAP NetWeaver Visual Composer — niebezpieczna deserializacja treści
CVE-2025-31324CRITICAL10.0⚠ KEVPL ✓ten sam produkt
SAP NetWeaver: nieautoryzowany upload plików wykonywalnych w Visual Composer
CVE-2021-38163CRITICAL9.9⚠ KEVten sam produkt
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker aut...
CVE-2023-36922CRITICAL9.1ten sam produkt
Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an ...
CVE-2020-6203CRITICAL9.1ten sam produkt
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an a...