Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2001-0366
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program..
CVSSv2.0 Score
- Severity
- High
- Base Score
- 7.2/10
- Exploit Score
- 3.9/10
- Access Vector
- Local
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 10/10
- Confidentiality Impact
- Complete
- Availability Impact
- Complete
- Integrity Impact
- Complete
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:sap:saposcol:1.0:*:linux:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:sap:sap_r_3_web_application_server_demo:*:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:sap:saposcol:1.2:*:linux:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:sap:saposcol:1.3:*:linux:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:sap:saposcol:1.1:*:linux:*:*:*:*:* |
Yes
|
- | - |