Lucene search

[email protected]CVE-2003-0938

HistoryDec 15, 2003 - 5:00 a.m.

CVE-2003-0938

2003-12-1505:00:00

[email protected]

web.nvd.nist.gov

sap db

local privilege escalation

netapi32.dll

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious “NETAPI32.DLL” in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.

Affected configurations

NVD

Node

sapsap_dbRange≤7.4.03.27

CPENameOperatorVersion
sap:sap_dbsap sap dble7.4.03.27

CPE	Name	Operator	Version
sap:sap_db	sap sap db	le	7.4.03.27

References

www.atstake.com/research/advisories/2003/a111703-1.txt

exchange.xforce.ibmcloud.com/vulnerabilities/13765

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2003-0938

nvd1 cvelist1 securityvulns1