CVE-2006-2547

Published May 23, 2006

Last updated 6 years ago

Overview

Description: Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:sapdba:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "023D50B3-48DD-46B1-A084-B5F641D94981"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2006-2547
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046130.html
http://secunia.com/advisories/20180
http://securityreason.com/securityalert/941
http://securitytracker.com/id?1016122
http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf
http://www.securityfocus.com/archive/1/434534/30/4890/threaded
http://www.securityfocus.com/bid/18028
http://www.vupen.com/english/advisories/2006/1861
https://exchange.xforce.ibmcloud.com/vulnerabilities/26526

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References