CVE-2002-1576

2004-03-1605:00:00

mitre

www.cve.org

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.

References

marc.info/?l=bugtraq&m=103903565829796&w=2

www.sapdb.org/sap_db_alert.htm

www.securityfocus.com/bid/6316

exchange.xforce.ibmcloud.com/vulnerabilities/10762