Detections
Analytics
SAP DB / MaxDB Cons Program Arbitrary Command Execution
high Nessus Network Monitor Plugin ID 4337
Synopsis
The remote database service allows execution of arbitrary commands.Description
The version of SAP DB / MaxDB installed on the remote host fails to sanitize user-supplied input to the 'show' and 'exec_sdbinfo' commands before passing it to a 'system()' call. An unauthenticated remote attacker can leverage this issue to execute arbitrary commands on the affected host subject to the privileges under which the service operates, which under Windows is SYSTEM.Solution
No solution is known at this time.See Also
https://www.sdn.sap.com/irj/sdn/thread?threadID=697805&tstart=50
http://maxdb.sap.com/webpts?wptsdetail=yes&ErrorType=0&ErrorID=1152820
http://archives.neohapsis.com/archives/bugtraq/2008-01/0102.html
Plugin Details
Severity: High
ID: 4337
Family: Database
Published: 1/11/2008
Updated: 3/6/2019
Nessus ID: 29924
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 7.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 7.3
Temporal Score: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:U/RC:X
Vulnerability Information
CPE: cpe:/a:sap:maxdb
Exploitable With
CANVAS (D2ExploitPack)
Core Impact
Reference Information
CVE: CVE-2008-0244
BID: 27206