CVE-2006-5784

medium

Description

Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.

References

https://www.exploit-db.com/exploits/3291

https://exchange.xforce.ibmcloud.com/vulnerabilities/29982

http://www.vupen.com/english/advisories/2006/4318

http://www.securitytracker.com/id?1017628

http://www.securityfocus.com/bid/20877

http://www.securityfocus.com/archive/1/459499/100/0/threaded

http://www.securityfocus.com/archive/1/450394/100/0/threaded

http://securityreason.com/securityalert/1828

http://secunia.com/advisories/22677

Details

Source: Mitre, NVD

Published: 2006-11-07

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.03662