{ "id": "CVE-2005-4815", "sourceIdentifier": "cve@mitre.org", "published": "2005-12-31T05:00:00.000", "lastModified": "2024-11-21T00:05:14.960", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the \"FX SAP R/3 gwrd vuln.\"" } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sap:sap_r_3:4.6_before_patch_1767:*:*:*:*:*:*:*", "matchCriteriaId": "E4C79FDB-885C-4E21-8D34-01F7E0F3E670" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:sap_r_3:6.2_before_patch_1364:*:*:*:*:*:*:*", "matchCriteriaId": "15558671-9CB0-440B-94C5-6B878B6364D2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:sap_r_3:6.4_before_patch_4:*:*:*:*:*:*:*", "matchCriteriaId": "CC4F25AE-8381-4FC4-B8E5-1E459DEAD74F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:sap_r_3:31_before_31i_patch_735:*:*:*:*:*:*:*", "matchCriteriaId": "22E767CA-E2B6-4194-A87F-8CAC56EE1F6F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:sap_r_3:40_before_patch_1008:*:*:*:*:*:*:*", "matchCriteriaId": "E15CD7C9-BECC-4DF2-8455-7AE7154A765C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:sap_r_3:45_before_patch_913:*:*:*:*:*:*:*", "matchCriteriaId": "281C68CB-F59A-4540-A16C-48791607C193" } ] } ] } ], "references": [ { "url": "http://lists.darklab.org/pipermail/darklab/2006-January/000209.html", "source": "cve@mitre.org" }, { "url": "http://lists.virus.org/darklab-0509/msg00011.html", "source": "cve@mitre.org" }, { "url": "http://lists.virus.org/darklab-0509/msg00017.html", "source": "cve@mitre.org" }, { "url": "http://lists.virus.org/darklab-0509/msg00018.html", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded", "source": "cve@mitre.org" }, { "url": "http://lists.darklab.org/pipermail/darklab/2006-January/000209.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.virus.org/darklab-0509/msg00011.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.virus.org/darklab-0509/msg00017.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.virus.org/darklab-0509/msg00018.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/archive/1/451378/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }