SapMaxdb

8 matches found

CVE
added 2008/01/12 2:0 a.m. | 67 views

CVE-2008-0244

SAP MaxDB is affected by a remote command-injection in the exec_sdbinfo handling that invokes cons.exe via system() without proper input validation. This allows unauthenticated remote attackers to execute arbitrary commands on MaxDB servers (MaxDB 7.6.x and earlier; vulnerability noted for 7.6.0....

CVSS 10 | AI score 7.4 | EPSS 0.80311

CVE
added 2008/03/11 11:0 p.m. | 59 views

CVE-2008-0307

CVE-2008-0307 corresponds to an integer signedness error in SAP MaxDB’s vserver component that can let remote attackers execute arbitrary code by triggering heap corruption. Affected version cited: MaxDB 7.6.0.37 (and possibly others). Exploitation is described as requiring a TCP connection to th...

CVSS 9.3 | AI score 7.6 | EPSS 0.03996

CVE
added 2015/06/02 2:0 p.m. | 56 views

CVE-2015-2282

CVE-2015-2282 is a stack-based buffer overflow in SAP’s LZC/LZH decompression code used across SAP MaxDB 7.5/7.6, NetWeaver AS ABAP/Java, RFC/GUI SDKs, SAPCAR, and related tools. The flaw (CsObjectInt::CsDecomprLZC and related LZH handling) can cause denial of service (crash) and may allow arbitr...

CVSS 7.5 | AI score 8.5 | EPSS 0.03518

CVE
added 2010/03/29 10:0 p.m. | 55 views

CVE-2010-1185

SAP MaxDB contains a vulnerability in the serv.exe component where a handshake packet is used to derive a length for a stack copy, enabling a stack-based buffer overflow leading to remote code execution. The issue affects SAP MaxDB versions 7.4.3.32 and 7.6.0.37 through 7.6.06, with the vulnerabl...

CVSS 10 | AI score 8.3 | EPSS 0.15218

CVE
added 2015/06/02 2:0 p.m. | 55 views

CVE-2015-2278

CVE-2015-2278 and CVE-2015-2282 affect SAP products via the LZH/LZC decompression paths. The root causes are in the LZH BuildHufTree function (vpa108csulzh.cpp) and the LZC decompression logic (vpa106cslzc.cpp), where attacker-controlled indices can trigger out-of-bounds reads/writes. Affected so...

CVSS 5 | AI score 6.7 | EPSS 0.02131

CVE
added 2018/08/14 4:0 p.m. | 55 views

CVE-2018-2450

CVE-2018-2450 affects SAP MaxDB (liveCache), specifically versions 7.8 and 7.9. The issue allows an attacker who has DBM operator privileges to execute crafted database queries, leading to reading, modification, or deletion of sensitive data from the database. The root cause is described as a SQL...

CVSS 7.2 | AI score 7 | EPSS 0.01702

CVE
added 2008/08/01 2:0 p.m. | 54 views

CVE-2008-1810

The CVE-2008-1810 issue affects SAP MaxDB 7.6.03.15 on Linux, where the dbmsrv process runs with sdb:sdba privileges and is vulnerable to privilege escalation via a manipulated PATH variable. Local users can exploit an untrusted search path by prefixing PATH with attacker-controlled directories w...

CVSS 4.4 | AI score 6.5 | EPSS 0.00337

CVE
added 2008/03/11 11:0 p.m. | 51 views

CVE-2008-0306

The CVE-2008-0306 issue affects SAP MaxDB, specifically the sdbstarter component. The connected records describe a design/error in how sdbstarter handles environment variables used to configure MaxDB components, allowing a local attacker to escalate privileges to root by manipulating these variab...

CVSS 6.9 | AI score 7.1 | EPSS 0.00371