cvelistv5 - cve-2008-0244

cve-2008-0244

Vulnerability from cvelistv5

Published

2008-01-12 02:00

Modified

2024-08-07 07:39

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://aluigi.altervista.org/adv/sapone-adv.txt	Exploit
cve@mitre.org	http://secunia.com/advisories/28409	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3536
cve@mitre.org	http://www.securityfocus.com/archive/1/486039/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/27206	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1019171
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0104
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39573
cve@mitre.org	https://www.exploit-db.com/exploits/4877
af854a3a-2127-422b-91ae-364da2661108	http://aluigi.altervista.org/adv/sapone-adv.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28409	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3536
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486039/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27206	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019171
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0104
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39573
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/4877

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:34.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28409",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28409"
          },
          {
            "name": "20080109 Pre-auth remote commands execution in SAP MaxDB 7.6.03.07",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486039/100/0/threaded"
          },
          {
            "name": "ADV-2008-0104",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0104"
          },
          {
            "name": "4877",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4877"
          },
          {
            "name": "1019171",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019171"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aluigi.altervista.org/adv/sapone-adv.txt"
          },
          {
            "name": "3536",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3536"
          },
          {
            "name": "maxdb-system-command-execution(39573)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573"
          },
          {
            "name": "27206",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27206"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"\u0026\u0026\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28409",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28409"
        },
        {
          "name": "20080109 Pre-auth remote commands execution in SAP MaxDB 7.6.03.07",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486039/100/0/threaded"
        },
        {
          "name": "ADV-2008-0104",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0104"
        },
        {
          "name": "4877",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4877"
        },
        {
          "name": "1019171",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019171"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aluigi.altervista.org/adv/sapone-adv.txt"
        },
        {
          "name": "3536",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3536"
        },
        {
          "name": "maxdb-system-command-execution(39573)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573"
        },
        {
          "name": "27206",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27206"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"\u0026\u0026\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28409",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28409"
            },
            {
              "name": "20080109 Pre-auth remote commands execution in SAP MaxDB 7.6.03.07",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486039/100/0/threaded"
            },
            {
              "name": "ADV-2008-0104",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0104"
            },
            {
              "name": "4877",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4877"
            },
            {
              "name": "1019171",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019171"
            },
            {
              "name": "http://aluigi.altervista.org/adv/sapone-adv.txt",
              "refsource": "MISC",
              "url": "http://aluigi.altervista.org/adv/sapone-adv.txt"
            },
            {
              "name": "3536",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3536"
            },
            {
              "name": "maxdb-system-command-execution(39573)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573"
            },
            {
              "name": "27206",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27206"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0244",
    "datePublished": "2008-01-12T02:00:00",
    "dateReserved": "2008-01-11T00:00:00",
    "dateUpdated": "2024-08-07T07:39:34.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:maxdb:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.6.3_build_007\", \"matchCriteriaId\": \"C15B96CF-B854-4A87-B702-3784333F9D1F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \\\"\u0026\u0026\\\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.\"}, {\"lang\": \"es\", \"value\": \"SAP MaxDB 7.6.03 build 007 y versiones anteriores, permite que atacantes remotos ejecuten comandos arbitrarios usando \\\"$$\\\", adem\\u00e1s de otros metacarateres del int\\u00e9prete de comandos (shell) en exec_sdbinfo, y de otros comandos no especificados, que se ejecutan cuando MaxDB invoca a cons.exe\"}]",
      "id": "CVE-2008-0244",
      "lastModified": "2024-11-21T00:41:29.393",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-01-12T02:46:00.000",
      "references": "[{\"url\": \"http://aluigi.altervista.org/adv/sapone-adv.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/28409\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3536\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486039/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27206\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019171\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0104\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39573\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/4877\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://aluigi.altervista.org/adv/sapone-adv.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/28409\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3536\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/486039/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27206\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019171\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0104\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39573\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/4877\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0244\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-01-12T02:46:00.000\",\"lastModified\":\"2024-11-21T00:41:29.393\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \\\"\u0026\u0026\\\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.\"},{\"lang\":\"es\",\"value\":\"SAP MaxDB 7.6.03 build 007 y versiones anteriores, permite que atacantes remotos ejecuten comandos arbitrarios usando \\\"$$\\\", adem\u00e1s de otros metacarateres del int\u00e9prete de comandos (shell) en exec_sdbinfo, y de otros comandos no especificados, que se ejecutan cuando MaxDB invoca a cons.exe\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:maxdb:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.6.3_build_007\",\"matchCriteriaId\":\"C15B96CF-B854-4A87-B702-3784333F9D1F\"}]}]}],\"references\":[{\"url\":\"http://aluigi.altervista.org/adv/sapone-adv.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/28409\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3536\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/486039/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27206\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019171\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0104\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39573\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/4877\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aluigi.altervista.org/adv/sapone-adv.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/28409\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3536\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/486039/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019171\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/4877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. Multiple database commands expose this issue, including one that is available prior to authentication. MaxDB 7.6.03 build 007 is vulnerable to this issue; other versions may also be affected.

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: MaxDB DBM Command Processing Command Execution Vulnerability

SECUNIA ADVISORY ID: SA28409

VERIFY ADVISORY: http://secunia.com/advisories/28409/

CRITICAL: Moderately critical

IMPACT: System access

WHERE:

From local network

SOFTWARE: MaxDB 7.x http://secunia.com/product/4012/

DESCRIPTION: Luigi Auriemma has discovered a vulnerability in MaxDB, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input validation error in the handling of certain DBM commands (e.g. sending a specially crafted packet to default port 7210/TCP.

The vulnerability is confirmed in version 7.6.03.07 on Windows.

SOLUTION: Restrict network access to the database service.

PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma

ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/sapone-adv.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200801-0222",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "maxdb",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.6.3_build_007"
      },
      {
        "model": "maxdb",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.6.03 build 007"
      },
      {
        "model": "maxdb",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sap",
        "version": "7.6.3_build_007"
      },
      {
        "model": "maxdb build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.6.3007"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005366"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-173"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:maxdb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.6.3_build_007",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0244"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma\u203b aluigi@pivx.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-173"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-0244",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2008-0244",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-0244",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200801-173",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005366"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-173"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"\u0026\u0026\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. Multiple database commands expose this issue, including one that is available prior to authentication. \nMaxDB 7.6.03 build 007 is vulnerable to this issue; other versions may also be affected. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nMaxDB DBM Command Processing Command Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA28409\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28409/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nMaxDB 7.x\nhttp://secunia.com/product/4012/\n\nDESCRIPTION:\nLuigi Auriemma has discovered a vulnerability in MaxDB, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to an input validation error in the\nhandling of certain DBM commands (e.g. sending a specially crafted packet to default port 7210/TCP. \n\nThe vulnerability is confirmed in version 7.6.03.07 on Windows. \n\nSOLUTION:\nRestrict network access to the database service. \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/sapone-adv.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005366"
      },
      {
        "db": "BID",
        "id": "27206"
      },
      {
        "db": "PACKETSTORM",
        "id": "62509"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-0244",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "27206",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "28409",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0104",
        "trust": 1.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "4877",
        "trust": 1.6
      },
      {
        "db": "SREASON",
        "id": "3536",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1019171",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005366",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "39573",
        "trust": 0.6
      },
      {
        "db": "MILW0RM",
        "id": "4877",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "11368",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080109 PRE-AUTH REMOTE COMMANDS EXECUTION IN SAP MAXDB 7.6.03.07",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-173",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "62509",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005366"
      },
      {
        "db": "PACKETSTORM",
        "id": "62509"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-173"
      }
    ]
  },
  "id": "VAR-200801-0222",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.1359447
  },
  "last_update_date": "2023-12-18T13:04:54.989000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://maxdb.sap.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005366"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005366"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0244"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://aluigi.altervista.org/adv/sapone-adv.txt"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/28409"
      },
      {
        "trust": 1.6,
        "url": "http://securityreason.com/securityalert/3536"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/27206"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1019171"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/486039/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/0104"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/4877"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0244"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0244"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/39573"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/486039/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/4877"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/0104"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/11368"
      },
      {
        "trust": 0.3,
        "url": "https://www.sdn.sap.com/irj/sdn/maxdb"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/486039"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4012/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28409/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005366"
      },
      {
        "db": "PACKETSTORM",
        "id": "62509"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-173"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "27206"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005366"
      },
      {
        "db": "PACKETSTORM",
        "id": "62509"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-173"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-01-09T00:00:00",
        "db": "BID",
        "id": "27206"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-005366"
      },
      {
        "date": "2008-01-10T23:06:04",
        "db": "PACKETSTORM",
        "id": "62509"
      },
      {
        "date": "2008-01-12T02:46:00",
        "db": "NVD",
        "id": "CVE-2008-0244"
      },
      {
        "date": "2008-01-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-173"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-02-09T05:51:00",
        "db": "BID",
        "id": "27206"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-005366"
      },
      {
        "date": "2018-10-15T21:58:51.733000",
        "db": "NVD",
        "id": "CVE-2008-0244"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200801-173"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-173"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP MaxDB Vulnerable to arbitrary command execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005366"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200801-173"
      }
    ],
    "trust": 0.6
  }
}

ghsa-m8c7-xxh7-qrh7

Vulnerability from github

Published

2022-05-01 23:28

Modified

2022-05-01 23:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-12T02:46:00Z",
    "severity": "HIGH"
  },
  "details": "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"\u0026\u0026\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.",
  "id": "GHSA-m8c7-xxh7-qrh7",
  "modified": "2022-05-01T23:28:32Z",
  "published": "2022-05-01T23:28:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0244"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/4877"
    },
    {
      "type": "WEB",
      "url": "http://aluigi.altervista.org/adv/sapone-adv.txt"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28409"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3536"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/486039/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27206"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019171"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0104"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2008-0244

Vulnerability from fkie_nvd

Published

2008-01-12 02:46

Modified

2024-11-21 00:41

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://aluigi.altervista.org/adv/sapone-adv.txt	Exploit
cve@mitre.org	http://secunia.com/advisories/28409	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3536
cve@mitre.org	http://www.securityfocus.com/archive/1/486039/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/27206	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1019171
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0104
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39573
cve@mitre.org	https://www.exploit-db.com/exploits/4877
af854a3a-2127-422b-91ae-364da2661108	http://aluigi.altervista.org/adv/sapone-adv.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28409	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3536
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/486039/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27206	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019171
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0104
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39573
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/4877

Impacted products

	Vendor	Product	Version
	sap	maxdb	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:maxdb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C15B96CF-B854-4A87-B702-3784333F9D1F",
              "versionEndIncluding": "7.6.3_build_007",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"\u0026\u0026\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe."
    },
    {
      "lang": "es",
      "value": "SAP MaxDB 7.6.03 build 007 y versiones anteriores, permite que atacantes remotos ejecuten comandos arbitrarios usando \"$$\", adem\u00e1s de otros metacarateres del int\u00e9prete de comandos (shell) en exec_sdbinfo, y de otros comandos no especificados, que se ejecutan cuando MaxDB invoca a cons.exe"
    }
  ],
  "id": "CVE-2008-0244",
  "lastModified": "2024-11-21T00:41:29.393",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-12T02:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/sapone-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28409"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3536"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486039/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27206"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019171"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0104"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/sapone-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486039/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/27206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4877"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2008-0244

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2008-0244

Aliases

CVE-2008-0244

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0244",
    "description": "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"\u0026\u0026\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.",
    "id": "GSD-2008-0244"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0244"
      ],
      "details": "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"\u0026\u0026\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.",
      "id": "GSD-2008-0244",
      "modified": "2023-12-13T01:22:59.108536Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0244",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"\u0026\u0026\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "28409",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28409"
          },
          {
            "name": "20080109 Pre-auth remote commands execution in SAP MaxDB 7.6.03.07",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/486039/100/0/threaded"
          },
          {
            "name": "ADV-2008-0104",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0104"
          },
          {
            "name": "4877",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/4877"
          },
          {
            "name": "1019171",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019171"
          },
          {
            "name": "http://aluigi.altervista.org/adv/sapone-adv.txt",
            "refsource": "MISC",
            "url": "http://aluigi.altervista.org/adv/sapone-adv.txt"
          },
          {
            "name": "3536",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3536"
          },
          {
            "name": "maxdb-system-command-execution(39573)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573"
          },
          {
            "name": "27206",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27206"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:maxdb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.6.3_build_007",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0244"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"\u0026\u0026\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://aluigi.altervista.org/adv/sapone-adv.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://aluigi.altervista.org/adv/sapone-adv.txt"
            },
            {
              "name": "27206",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/27206"
            },
            {
              "name": "1019171",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019171"
            },
            {
              "name": "28409",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28409"
            },
            {
              "name": "3536",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3536"
            },
            {
              "name": "ADV-2008-0104",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0104"
            },
            {
              "name": "maxdb-system-command-execution(39573)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573"
            },
            {
              "name": "4877",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/4877"
            },
            {
              "name": "20080109 Pre-auth remote commands execution in SAP MaxDB 7.6.03.07",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/486039/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:58Z",
      "publishedDate": "2008-01-12T02:46Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2008-0244

Vulnerability from cvelistv5

var-200801-0222

Vulnerability from variot

ghsa-m8c7-xxh7-qrh7

Vulnerability from github

cve-2008-0244

Vulnerability from fkie_nvd

gsd-2008-0244

Vulnerability from gsd

Tags

Sightings

Nomenclature