var-200808-0238
Vulnerability from variot
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. SAP MaxDB is prone to a local privilege-escalation vulnerability that occurs in the 'dbmsrv' process because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary code with 'sdb:sdba' privileges. Successfully exploiting this issue will compromise the affected application and possibly the underlying computer. SAP MaxDB 7.6.03.15 on Linux is vulnerable; other versions running on different platforms may also be affected. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/
TITLE: MaxDB "dbmsrv" Privilege Escalation Vulnerability
SECUNIA ADVISORY ID: SA31318
VERIFY ADVISORY: http://secunia.com/advisories/31318/
CRITICAL: Less critical
IMPACT: Privilege escalation
WHERE: Local system
SOFTWARE: MaxDB 7.x http://secunia.com/product/4012/
DESCRIPTION: A vulnerability has been reported in MaxDB, which can be exploited by malicious, local users to gain escalated privileges.
PROVIDED AND/OR DISCOVERED BY: anonymous researcher, reported via iDefense
ORIGINAL ADVISORY: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. iDefense Security Advisory 07.30.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 30, 2008
I. BACKGROUND
SAP's MaxDB is a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for download from the SAP SDN website (sdn.sap.com) as a community edition with free community support for public use beyond the scope of SAP applications. The "dbmsrv" program is set-uid "sdb", set-gid "sdba", and installed by default. For more information, visit the product's website at the following URL.
https://www.sdn.sap.com/irj/sdn/maxdb
II.
When a local user runs the "dbmcli" program, the MaxDB executes a "dbmsrv" process on the user's behalf. The "dbmsrv" process, which is responsible for executing user commands, runs as the user "sdb" with group "sdba".
III.
IV. Other versions may also be vulnerable.
V. WORKAROUND
iDefense is currently unaware of any workaround for this issue.
VI. VENDOR RESPONSE
SAP AG has addressed this vulnerability by releasing a new version of MaxDB. For more information, consult SAP note 1178438.
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-1810 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
03/27/2008 Initial vendor notification 04/01/2008 Initial vendor response 07/30/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0238", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "maxdb", "scope": "eq", "trust": 2.1, "vendor": "sap", "version": "7.6.03.15" }, { "model": "kernel", "scope": null, "trust": 0.6, "vendor": "linux", "version": null } ], "sources": [ { "db": "BID", "id": "30474" }, { "db": "JVNDB", "id": "JVNDB-2008-005690" }, { "db": "NVD", "id": "CVE-2008-1810" }, { "db": "CNNVD", "id": "CNNVD-200808-004" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sap:maxdb:7.6.03.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2008-1810" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "iDEFENSE", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-004" } ], "trust": 0.6 }, "cve": "CVE-2008-1810", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2008-1810", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2008-1810", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200808-004", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-005690" }, { "db": "NVD", "id": "CVE-2008-1810" }, { "db": "CNNVD", "id": "CNNVD-200808-004" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. SAP MaxDB is prone to a local privilege-escalation vulnerability that occurs in the \u0027dbmsrv\u0027 process because the application fails to sufficiently sanitize user-supplied input. \nAn attacker can exploit this issue to execute arbitrary code with \u0027sdb:sdba\u0027 privileges. Successfully exploiting this issue will compromise the affected application and possibly the underlying computer. \nSAP MaxDB 7.6.03.15 on Linux is vulnerable; other versions running on different platforms may also be affected. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nMaxDB \"dbmsrv\" Privilege Escalation Vulnerability\n\nSECUNIA ADVISORY ID:\nSA31318\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31318/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nMaxDB 7.x\nhttp://secunia.com/product/4012/\n\nDESCRIPTION:\nA vulnerability has been reported in MaxDB, which can be exploited by\nmalicious, local users to gain escalated privileges. \n\nPROVIDED AND/OR DISCOVERED BY:\nanonymous researcher, reported via iDefense\n\nORIGINAL ADVISORY:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. iDefense Security Advisory 07.30.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nJul 30, 2008\n\nI. BACKGROUND\n\nSAP\u0027s MaxDB is a database software product. MaxDB was released as open\nsource from version 7.5 up to version 7.6.00. Later versions are no\nlonger open source but are available for download from the SAP SDN\nwebsite (sdn.sap.com) as a community edition with free community\nsupport for public use beyond the scope of SAP applications. The\n\"dbmsrv\" program is set-uid \"sdb\", set-gid \"sdba\", and installed by\ndefault. For more information, visit the product\u0027s website at the\nfollowing URL. \n\nhttps://www.sdn.sap.com/irj/sdn/maxdb\n\nII. \n\nWhen a local user runs the \"dbmcli\" program, the MaxDB executes a\n\"dbmsrv\" process on the user\u0027s behalf. The \"dbmsrv\" process, which is\nresponsible for executing user commands, runs as the user \"sdb\" with\ngroup \"sdba\". \n\nIII. \n\nIV. Other versions may also be vulnerable. \n\nV. WORKAROUND\n\niDefense is currently unaware of any workaround for this issue. \n\nVI. VENDOR RESPONSE\n\nSAP AG has addressed this vulnerability by releasing a new version of\nMaxDB. For more information, consult SAP note 1178438. \n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-1810 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n03/27/2008 Initial vendor notification\n04/01/2008 Initial vendor response\n07/30/2008 Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information", "sources": [ { "db": "NVD", "id": "CVE-2008-1810" }, { "db": "JVNDB", "id": "JVNDB-2008-005690" }, { "db": "BID", "id": "30474" }, { "db": "PACKETSTORM", "id": "68727" }, { "db": "PACKETSTORM", "id": "68694" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-1810", "trust": 2.8 }, { "db": "BID", "id": "30474", "trust": 1.9 }, { "db": "SECUNIA", "id": "31318", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2008-2267", "trust": 1.6 }, { "db": "SECTRACK", "id": "1020585", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2008-005690", "trust": 0.8 }, { "db": "IDEFENSE", "id": "20080730 SAP MAXDB DBMSRV UNTRUSTED EXECUTION PATH VULNERABILITY", "trust": 0.6 }, { "db": "XF", "id": "44125", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200808-004", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "68727", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "68694", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "30474" }, { "db": "JVNDB", "id": "JVNDB-2008-005690" }, { "db": "PACKETSTORM", "id": "68727" }, { "db": "PACKETSTORM", "id": "68694" }, { "db": "NVD", "id": "CVE-2008-1810" }, { "db": "CNNVD", "id": "CNNVD-200808-004" } ] }, "id": "VAR-200808-0238", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1359447 }, "last_update_date": "2023-12-18T13:35:14.124000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://maxdb.sap.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-005690" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-005690" }, { "db": "NVD", "id": "CVE-2008-1810" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729" }, { "trust": 1.6, "url": "http://secunia.com/advisories/31318" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/30474" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1020585" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2008/2267/references" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44125" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1810" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1810" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/44125" }, { "trust": 0.6, "url": "http://www.frsirt.com/english/advisories/2008/2267/references" }, { "trust": 0.4, "url": "https://www.sdn.sap.com/irj/sdn/maxdb" }, { "trust": 0.3, "url": "/archive/1/494990" }, { "trust": 0.1, "url": "http://secunia.com/product/4012/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/31318/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_specialist/" }, { "trust": 0.1, "url": "http://corporate.secunia.com/about_secunia/64/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/)," }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1810" }, { "trust": 0.1, "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php" }, { "trust": 0.1, "url": "http://labs.idefense.com/" } ], "sources": [ { "db": "BID", "id": "30474" }, { "db": "JVNDB", "id": "JVNDB-2008-005690" }, { "db": "PACKETSTORM", "id": "68727" }, { "db": "PACKETSTORM", "id": "68694" }, { "db": "NVD", "id": "CVE-2008-1810" }, { "db": "CNNVD", "id": "CNNVD-200808-004" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "30474" }, { "db": "JVNDB", "id": "JVNDB-2008-005690" }, { "db": "PACKETSTORM", "id": "68727" }, { "db": "PACKETSTORM", "id": "68694" }, { "db": "NVD", "id": "CVE-2008-1810" }, { "db": "CNNVD", "id": "CNNVD-200808-004" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-07-31T00:00:00", "db": "BID", "id": "30474" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-005690" }, { "date": "2008-08-01T19:48:32", "db": "PACKETSTORM", "id": "68727" }, { "date": "2008-07-31T22:25:13", "db": "PACKETSTORM", "id": "68694" }, { "date": "2008-08-01T14:41:00", "db": "NVD", "id": "CVE-2008-1810" }, { "date": "2008-07-31T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-004" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-07-31T22:07:00", "db": "BID", "id": "30474" }, { "date": "2012-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-005690" }, { "date": "2017-08-08T01:30:28.387000", "db": "NVD", "id": "CVE-2008-1810" }, { "date": "2008-09-11T00:00:00", "db": "CNNVD", "id": "CNNVD-200808-004" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "30474" }, { "db": "PACKETSTORM", "id": "68727" }, { "db": "PACKETSTORM", "id": "68694" }, { "db": "CNNVD", "id": "CNNVD-200808-004" } ], "trust": 1.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Linux Run on SAP MaxDB of dbmsrv Vulnerability gained in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-005690" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-200808-004" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.