Lucene search

[email protected]CVE-2003-1037

HistoryApr 15, 2004 - 4:00 a.m.

CVE-2003-1037

2004-04-1504:00:00

[email protected]

web.nvd.nist.gov

cve-2003-1037

format string vulnerability

sap

its

wgate

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.029 Low

EPSS

Percentile

90.8%

JSON

Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high “trace level.”

Affected configurations

NVD

Node

sapinternet_transaction_serverRange≤4.6_pl463

sapinternet_transaction_serverRange≤6.10_pl30

sapinternet_transaction_serverRange≤6.20_pl7

CPENameOperatorVersion
sap:internet_transaction_serversap internet transaction serverle4.6_pl463
sap:internet_transaction_serversap internet transaction serverle6.10_pl30
sap:internet_transaction_serversap internet transaction serverle6.20_pl7

CPE	Name	Operator	Version
sap:internet_transaction_server	sap internet transaction server	le	4.6_pl463
sap:internet_transaction_server	sap internet transaction server	le	6.10_pl30
sap:internet_transaction_server	sap internet transaction server	le	6.20_pl7

References

securitytracker.com/id?1009453

www.phenoelit.de/stuff/Phenoelit20c3.pd

exchange.xforce.ibmcloud.com/vulnerabilities/15514

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.029 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2003-1037

cvelist1 nvd1