6.4

CVE-2006-0732

EPSS 3.08%
Veröffentlicht 16.02.2006 11:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle.  Details will be updated after the grace period has ended.  NOTE: SAP Business Connector is an OEM version of webMethods Integration Server.  webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation.  In addition, the attacker must already have acquired administrative privileges through other means.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Business Connector Version4.6

SAP ≫ Business Connector Version4.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.08%	0.855

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://secunia.com/advisories/18880

Vendor Advisory

http://securitytracker.com/id?1015639

http://www.vupen.com/english/advisories/2006/0611

http://securitytracker.com/id?1016090

http://securitytracker.com/id?1016122

http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf

http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf

Vendor Advisory

http://www.securityfocus.com/archive/1/425048/100/0/threaded

http://www.securityfocus.com/archive/1/434014/30/4980/threaded

http://www.securityfocus.com/bid/16668

https://nvd.nist.gov/vuln/detail/CVE-2006-0732

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0732

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0732

EUVD