Vulnerability Details : CVE-2006-2547
Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.
Products affected by CVE-2006-2547
- cpe:2.3:a:sap:sapdba:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2547
0.75%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-2547
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2006-2547
-
http://www.securityfocus.com/archive/1/434534/30/4890/threaded
-
http://www.vupen.com/english/advisories/2006/1861
-
http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf
Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/26526
-
http://www.securityfocus.com/bid/18028
-
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046130.html
Patch
-
http://securityreason.com/securityalert/941
-
http://securitytracker.com/id?1016122
Jump to