This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
Synopsis :
The remote database service allows execution of arbitrary commands.
Description :
The version of SAP DB / MaxDB installed on the remote host fails to
sanitize user-supplied input to the 'show' and 'exec_sdbinfo' commands
before passing it to a 'system()' call. An unauthenticated, remote
attacker can leverage this issue to execute arbitrary commands on the
affected host subject to the privileges under which the service
operates, which under Windows is SYSTEM.
Solution :
Upgrade to MaxDB version 7.6.03 Build 15 (7.6.03.15) or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.5
Public Exploit Available : true
Nessus Plugin ID: 29924
Bugtraq ID: 27206
CVE ID: CVE-2008-0244