Vulnerabilities > SAP > Netweaver > 2004s
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2013-1593 | Improper Validation of Array Index vulnerability in SAP Netweaver A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. | 7.5 |
| 2020-01-23 | CVE-2013-1592 | Classic Buffer Overflow vulnerability in SAP Netweaver A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. | 9.8 |
| 2016-10-05 | CVE-2016-4551 | Improper Access Control vulnerability in SAP Netweaver, SAP ABA and SAP Basis The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | 7.5 |