icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

SAP MaxDB Multiple Vulnerabilities

High

Synopsis

The remote database server is affected by multiple issues.

Description

The remote host is running MaxDB, a database server from SAP. According to its version, the remote server is affected by multiple flaws. - A vulnerability in the 'vserver' process could allow an unauthenticated attacker to execute arbitrary code, subject to the privileges of the user under which the process operates. In order to successfully exploit this issue, an attacker must have prior knowledge of an active database name on the server. - A design error in 'sdbstarter' could allow an attacker to elevate his privileges to root level. - A vulnerability in cons.exe could allow command execution before authenticating to the database server.

Solution

Upgrade to SAP MaxDB 7.7.04 Build 08 / 7.7.03 Build 23 / 7.7.02 Build 20 / 7.6.05 Build 02 / 7.6.04 Build 06 / 7.6.03 Build 15 / 7.5.00 Build 48 or higher.