Unrated severityNVD Advisory· Published May 15, 2012· Updated Apr 29, 2026

CVE-2012-2611

Description

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.

Affected products

SAP/Netweaver2 versions
cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*
- cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilitiesnvdExploit
scn.sap.com/docs/DOC-8218nvd
www.securitytracker.com/idnvd
service.sap.com/sap/support/notes/1687910nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.062
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000