Lucene search

[email protected]CVE-2006-2547

HistoryMay 23, 2006 - 10:06 a.m.

CVE-2006-2547

2006-05-2310:06:00

[email protected]

web.nvd.nist.gov

cve-2006-2547

sap

informix

vulnerability

insecure environment variable

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

81.1%

JSON

Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to “insecure environment variable” handling.

Affected configurations

NVD

Node

sapsapdba

CPENameOperatorVersion
sap:sapdbasap sapdbaeq*

CPE	Name	Operator	Version
sap:sapdba	sap sapdba	eq	*

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/046130.html

secunia.com/advisories/20180

securityreason.com/securityalert/941

securitytracker.com/id?1016122

www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf

www.securityfocus.com/archive/1/434534/30/4890/threaded

www.securityfocus.com/bid/18028

www.vupen.com/english/advisories/2006/1861

exchange.xforce.ibmcloud.com/vulnerabilities/26526

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

81.1%

JSON

Related for CVE-2006-2547

nvd1 prion1 cvelist1