CVE-2006-2547

Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046130.html	Patch
http://secunia.com/advisories/20180	Vendor Advisory
http://securityreason.com/securityalert/941
http://securitytracker.com/id?1016122
http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf	Patch
http://www.securityfocus.com/archive/1/434534/30/4890/threaded
http://www.securityfocus.com/bid/18028
http://www.vupen.com/english/advisories/2006/1861
https://exchange.xforce.ibmcloud.com/vulnerabilities/26526

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:sapdba:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-05-23 10:06

Updated : 2024-02-28 10:42

NVD link : CVE-2006-2547

Mitre link : CVE-2006-2547

CVE.ORG link : CVE-2006-2547

JSON object : View

Products Affected

sap

sapdba

CWE

NVD-CWE-Other

{"id": "CVE-2006-2547", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-05-23T10:06:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046130.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20180", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/941", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016122", "source": "cve@mitre.org"}, {"url": "http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/434534/30/4890/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18028", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1861", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26526", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to \"insecure environment variable\" handling."}], "lastModified": "2018-10-18T16:40:38.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:sapdba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "023D50B3-48DD-46B1-A084-B5F641D94981"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}