The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
SAP Web AS: several vulnerabilities
Synthesis of the vulnerability
A remote attacker can read a file or generate a denial of service, and a local attacker can elevate his privileges.
Impacted software: SAP ERP, NetWeaver.
Severity of this computer vulnerability: 2/4.
Consequences of a hack: privileged access/rights, data reading, denial of service on service.
Attacker's origin: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 02/11/2006.
Revision date: 09/02/2007.
References of this bulletin: BID-20873, BID-20877, CVE-2006-5784, CVE-2006-5785, VIGILANCE-VUL-6274.
Description of the vulnerability
The SAP Application Server product has three vulnerabilities.
A remote attacker can read a file with the rights of SAP. [severity:2/4; BID-20877, CVE-2006-5784]
A remote attacker can stop the enserver.exe process. [severity:2/4; BID-20873, CVE-2006-5785]
A local attacker can obtain the privileges of the SAPServiceJ2E user under Windows 2000 pre-SP4, Windows XP pre-SP2 and Windows NT. [severity:2/4]