CVE-2008-0306

sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
http://www.securityfocus.com/bid/28185
http://www.securitytracker.com/id?1019570
http://secunia.com/advisories/29312	Vendor Advisory
http://www.vupen.com/english/advisories/2008/0844/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41104

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:maxdb:7.6.0.37:*:*:*:*:*:*:*

Information

Published : 2008-03-11 16:44

Updated : 2017-08-07 18:29

NVD link : CVE-2008-0306

Mitre link : CVE-2008-0306

JSON object : View

CWE

NVD-CWE-Other

Products Affected

sap

maxdb

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670", "name": "20080310 SAP MaxDB sdbstarter Privilege Escalation Vulnerability", "tags": [], "refsource": "IDEFENSE"}, {"url": "http://www.securityfocus.com/bid/28185", "name": "28185", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1019570", "name": "1019570", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/29312", "name": "29312", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2008/0844/references", "name": "ADV-2008-0844", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41104", "name": "maxdb-sdbstarter-privilege-escalation(41104)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-0306", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-03-11T23:44Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sap:maxdb:7.6.0.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:29Z"}

6.9 /10