CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
89.8%
SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | biztalk_server | 2000 | cpe:2.3:a:microsoft:biztalk_server:2000:*:developer:*:*:*:*:* |
microsoft | biztalk_server | 2000 | cpe:2.3:a:microsoft:biztalk_server:2000:*:enterprise:*:*:*:*:* |
microsoft | biztalk_server | 2000 | cpe:2.3:a:microsoft:biztalk_server:2000:*:standard:*:*:*:*:* |
microsoft | biztalk_server | 2000 | cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:developer:*:*:*:*:* |
microsoft | biztalk_server | 2000 | cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:enterprise:*:*:*:*:* |
microsoft | biztalk_server | 2000 | cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:standard:*:*:*:*:* |
microsoft | biztalk_server | 2000 | cpe:2.3:a:microsoft:biztalk_server:2000:sp2:developer:*:*:*:*:* |
microsoft | biztalk_server | 2000 | cpe:2.3:a:microsoft:biztalk_server:2000:sp2:enterprise:*:*:*:*:* |
microsoft | biztalk_server | 2000 | cpe:2.3:a:microsoft:biztalk_server:2000:sp2:standard:*:*:*:*:* |
microsoft | biztalk_server | 2002 | cpe:2.3:a:microsoft:biztalk_server:2002:*:developer:*:*:*:*:* |