4.6

CVE-2006-5784

EPSS 3.91%
Veröffentlicht 07.11.2006 23:07:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Sap Web Application Server Version6.40

SAP ≫ Sap Web Application Server Version7.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.91%	0.878

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/22677

Patch

Vendor Advisory

http://securityreason.com/securityalert/1828

http://www.securityfocus.com/archive/1/450394/100/0/threaded

http://www.securityfocus.com/archive/1/459499/100/0/threaded

http://www.securityfocus.com/bid/20877

http://www.securitytracker.com/id?1017628

http://www.vupen.com/english/advisories/2006/4318

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/29982

https://www.exploit-db.com/exploits/3291

https://nvd.nist.gov/vuln/detail/CVE-2006-5784

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5784

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5784

EUVD