Lucene search

[email protected]CVE-2011-5154

HistorySep 06, 2012 - 10:41 a.m.

CVE-2011-5154

2012-09-0610:41:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2011-5154

sap

gui

untrusted search path

vulnerabilities

security

privilege escalation

sapgui.exe

bexanalyzer.exe

6.9 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.4%

JSON

Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
sap:graphical_user_interfacesap graphical user interfaceeq6.4
sap:graphical_user_interfacesap graphical user interfaceeq7.2

CPE	Name	Operator	Version
sap:graphical_user_interface	sap graphical user interface	eq	6.4
sap:graphical_user_interface	sap graphical user interface	eq	7.2

References

dsecrg.com/pages/vul/show.php?id=314

secunia.com/advisories/43707

www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a

service.sap.com/sap/support/notes/1511179

Social References

6.9 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.4%

JSON

Related for CVE-2011-5154

cvelist1 prion1 nessus1