Vulnerability Details : CVE-2006-2547
Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.
Exploit prediction scoring system (EPSS) score for CVE-2006-2547
Probability of exploitation activity in the next 30 days: 0.53%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-2547
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
[email protected] |
References for CVE-2006-2547
-
http://www.securityfocus.com/archive/1/434534/30/4890/threaded
-
http://www.vupen.com/english/advisories/2006/1861
-
http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf
Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/26526
-
http://www.securityfocus.com/bid/18028
-
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046130.html
Patch
-
http://securityreason.com/securityalert/941
- http://securitytracker.com/id?1016122
Products affected by CVE-2006-2547
- cpe:2.3:a:sap:sapdba:*:*:*:*:*:*:*:*