CVE-2016-5847

Опубликовано: 13 авг. 2016

Источник: nvd

CVSS3: 5.8

CVSS2: 4.4

EPSS Низкий

Описание

SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384.

Ссылки

http://packetstormsecurity.com/files/138284/SAP-CAR-Archive-Tool-Denial-Of-Service-Security-Bypass.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Aug/46
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/539180/100/0/threaded
http://www.securityfocus.com/bid/92406
Third Party Advisory
VDB Entry
https://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/40230/
http://packetstormsecurity.com/files/138284/SAP-CAR-Archive-Tool-Denial-Of-Service-Security-Bypass.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Aug/46
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/539180/100/0/threaded
http://www.securityfocus.com/bid/92406
Third Party Advisory
VDB Entry
https://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/40230/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:sapcar_archive_tool:-:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.0022

Низкий

5.8 Medium

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-3gxr-2xmf-3h63