ID
VAR-E-200712-0432
TITLE
SAP MaxDB Unspecified Remote Execution Vulnerability
Trust: 0.3
sources:
BID: 26822
DESCRIPTION
SAP MaxDB is prone to an unspecified remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will crash the application.
This issue affects MaxDB 7.6.00.37 and 7.4.3.32; other versions may also be affected.
Trust: 0.3
sources:
BID: 26822
AFFECTED PRODUCTS
| vendor: | sap | model: | maxdb | scope: | eq | version: | 7.6.00.37 | Trust: 0.3 |
| vendor: | sap | model: | maxdb | scope: | eq | version: | 7.4.3.32 | Trust: 0.3 |
sources:
BID: 26822
EXPLOIT
A proof of concept has been developed. It may be publicly available or circulating in the wild, but this has not been confirmed.
Trust: 0.3
sources:
BID: 26822
PRICE
Free
Trust: 0.3
sources:
BID: 26822
TYPE
Unknown
Trust: 0.3
sources:
BID: 26822
CREDITS
WabiSabiLabi disclosed this vulnerability.
Trust: 0.3
sources:
BID: 26822
EXTERNAL IDS
| db: | BID | id: | 26822 | Trust: 0.3 |
sources:
BID: 26822
REFERENCES
| url: | https://www.sdn.sap.com/irj/sdn/maxdb | Trust: 0.3 |
| url: | http://wslabi.com/wabisabilabi/showbidinfo.do?code=zd-00000166 | Trust: 0.3 |
| url: | http://wabisabilabi.blogspot.com/2007/12/focus-on-sap-maxdb-remote-code.html | Trust: 0.3 |
sources:
BID: 26822
SOURCES
| db: | BID | id: | 26822 |
LAST UPDATE DATE
2022-07-27T09:46:13.257000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 26822 | date: | 2007-12-12T21:32:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 26822 | date: | 2007-12-11T00:00:00 |