7.5

CVE-2003-0118

EPSS 4.09%
Published 12.05.2003 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

Affected products Warnungen 0 Metrics 2 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Biztalk Server Version2000 Editiondeveloper

Microsoft ≫ Biztalk Server Version2000 Editionenterprise

Microsoft ≫ Biztalk Server Version2000 Editionstandard

Microsoft ≫ Biztalk Server Version2000 Updatesp1a Editiondeveloper

Microsoft ≫ Biztalk Server Version2000 Updatesp1a Editionenterprise

Microsoft ≫ Biztalk Server Version2000 Updatesp1a Editionstandard

Microsoft ≫ Biztalk Server Version2000 Updatesp2 Editiondeveloper

Microsoft ≫ Biztalk Server Version2000 Updatesp2 Editionenterprise

Microsoft ≫ Biztalk Server Version2000 Updatesp2 Editionstandard

Microsoft ≫ Biztalk Server Version2002 Editiondeveloper

Microsoft ≫ Biztalk Server Version2002 Editionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.09%	0.881

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016

http://marc.info/?l=bugtraq&m=105216839231951&w=2

https://nvd.nist.gov/vuln/detail/CVE-2003-0118

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2003-0118

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2003-0118

EUVD