PT-2008-1888 · SAP · SAP MaxDB

Luigi Auriemma · Published 2008-01-12 · Updated 2018-10-15 · CVE-2008-0244

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SAP MaxDB version 7.6.03 build 007 and earlier

Description

The issue allows remote attackers to execute arbitrary commands by placing shell metacharacters, such as &&, in exec sdbinfo and other unspecified commands. These commands are executed when MaxDB invokes cons.exe.

Recommendations

For SAP MaxDB version 7.6.03 build 007 and earlier, consider restricting the use of exec sdbinfo and other affected commands until a fix is available. As a temporary workaround, avoid using shell metacharacters like && in these commands to minimize the risk of exploitation.

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2008-0244

Affected Products

SAP MaxDB