CVE-2006-2547 : Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local u

Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.

Published 2006-05-23 10:06:00

Updated 2018-10-18 16:40:39

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2006-2547

Probability of exploitation activity in the next 30 days: 0.75%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-2547

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2006-2547

http://www.securityfocus.com/archive/1/434534/30/4890/threaded
http://www.vupen.com/english/advisories/2006/1861
http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf

Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/26526
http://www.securityfocus.com/bid/18028
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046130.html

Patch
http://securityreason.com/securityalert/941
http://securitytracker.com/id?1016122

CVEs referencing this url

Products affected by CVE-2006-2547

SAP » Sapdba
cpe:2.3:a:sap:sapdba:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-2547

Exploit prediction scoring system (EPSS) score for CVE-2006-2547

CVSS scores for CVE-2006-2547

References for CVE-2006-2547

Products affected by CVE-2006-2547