The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability note: CVE-2006-5784, CVE-2006-5785

SAP Web AS: several vulnerabilities

Synthesis of the vulnerability

A remote attacker can read a file or cause a denial of service, and a local attacker can elevate privileges.
Impacted software: SAP ERP, NetWeaver.
Severity of this computer vulnerability: 2/4.
Consequences of a hack: privileged access/rights, data reading, denial of service on service.
Attacker's origin: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 02/11/2006.
Revision date: 09/02/2007.
References of this announcement: BID-20873, BID-20877, CVE-2006-5784, CVE-2006-5785, VIGILANCE-VUL-6274.

Description of the vulnerability

The SAP Application Server product has three vulnerabilities.

A remote attacker can read a file with the rights of SAP. [severity:2/4; BID-20877, CVE-2006-5784]

A remote attacker can stop the enserver.exe process. [severity:2/4; BID-20873, CVE-2006-5785]

A local attacker can obtain the privileges of the SAPServiceJ2E user under Windows 2000 pre-SP4, Windows XP pre-SP2 and Windows NT. [severity:2/4]