- Description
- Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4315FA17-CFBE-4F1D-950B-C967F32DF1BC",
"versionEndIncluding": "4.6_pl463"
},
{
"criteria": "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FFA9A8F-18BF-46EA-BFEE-5668F49B04F5",
"versionEndIncluding": "6.10_pl30"
},
{
"criteria": "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CEE18CC-A79B-4FFD-B044-F32A7522FA3B",
"versionEndIncluding": "6.20_pl7"
}
],
"operator": "OR"
}
]
}
]