Lucene search

[email protected]CVE-2008-0244

HistoryJan 12, 2008 - 2:46 a.m.

CVE-2008-0244

2008-01-1202:46:00

CWE-20

[email protected]

web.nvd.nist.gov

sap

maxdb

remote command execution

cve-2008-0244

security vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.968 High

EPSS

Percentile

99.7%

JSON

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via “&&” and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.

Affected configurations

NVD

Node

sapmaxdbRange≤7.6.3_build_007

CPENameOperatorVersion
sap:maxdbsap maxdble7.6.3_build_007

CPE	Name	Operator	Version
sap:maxdb	sap maxdb	le	7.6.3_build_007

References

aluigi.altervista.org/adv/sapone-adv.txt

secunia.com/advisories/28409

securityreason.com/securityalert/3536

www.securityfocus.com/archive/1/486039/100/0/threaded

www.securityfocus.com/bid/27206

www.securitytracker.com/id?1019171

www.vupen.com/english/advisories/2008/0104

exchange.xforce.ibmcloud.com/vulnerabilities/39573

www.exploit-db.com/exploits/4877

Social References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.968 High

EPSS

Percentile

99.7%

JSON

Related for CVE-2008-0244

d21 ubuntucve1 saint4 nvd1 prion1 cvelist1 checkpoint_advisories1 nessus2