6.4

CVE-2006-0732

EPSS 3.08%
Published 16.02.2006 11:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle.  Details will be updated after the grace period has ended.  NOTE: SAP Business Connector is an OEM version of webMethods Integration Server.  webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation.  In addition, the attacker must already have acquired administrative privileges through other means.

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Business Connector Version4.6

SAP ≫ Business Connector Version4.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.08%	0.855

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://secunia.com/advisories/18880

Vendor Advisory

http://securitytracker.com/id?1015639

http://www.vupen.com/english/advisories/2006/0611

http://securitytracker.com/id?1016090

http://securitytracker.com/id?1016122

http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf

http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf

Vendor Advisory

http://www.securityfocus.com/archive/1/425048/100/0/threaded

http://www.securityfocus.com/archive/1/434014/30/4980/threaded

http://www.securityfocus.com/bid/16668

https://nvd.nist.gov/vuln/detail/CVE-2006-0732

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0732

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0732

EUVD