exploitDog

CVE-2003-0938

Опубликовано: 15 дек. 2003

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.

Ссылки

http://www.atstake.com/research/advisories/2003/a111703-1.txt
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13765
http://www.atstake.com/research/advisories/2003/a111703-1.txt
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/13765

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*

Версия до 7.4.03.27 (включая)

EPSS

Процентиль: 14%

0.00046

Низкий

7.2 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-59g6-5v86-2944

github

почти 4 года назад

vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.

EPSS

Процентиль: 14%

0.00046

Низкий

7.2 High

CVSS2

Дефекты

NVD-CWE-Other