Vulnerability Name:

CVE-2006-0732 (CCN-24750)

Assigned:2006-02-15
Published:2006-02-15
Updated:2018-10-19
Summary:Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended.
Note: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means.
Apply patches (see SAP note 906401 and 908349).
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
8.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C)
6.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: Full-Disclosure Mailing List, Wed Feb 15 2006 - 07:31:06 CST
CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAP BC

Source: CCN
Type: Full-Disclosure Mailing List, Mon May 15 2006 - 07:46:04 CDT
CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC (Business Connector)

Source: MITRE
Type: CNA
CVE-2006-0732

Source: CCN
Type: SA18880
SAP Business Connector Arbitrary File Access and Spoofing

Source: SECUNIA
Type: Vendor Advisory
18880

Source: CCN
Type: SECTRACK ID: 1015639
SAP Business Connector Bugs Let Remote Users View or Delete Files and Conduct Phishing Attacks

Source: SECTRACK
Type: UNKNOWN
1015639

Source: CCN
Type: SECTRACK ID: 1016090
SAP Business Connector Lets Remote Authenticated Users View and Delete Files

Source: SECTRACK
Type: UNKNOWN
1016090

Source: CCN
Type: SECTRACK ID: 1016122
SAP sapdba Command for Informix Environment Variable Bug Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1016122

Source: MISC
Type: UNKNOWN
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf

Source: MISC
Type: Vendor Advisory
http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf

Source: BUGTRAQ
Type: UNKNOWN
20060215 CYBSEC - Security Pre-Advisory: Arbitrary File Read/Delete in SAPBC

Source: BUGTRAQ
Type: UNKNOWN
20060515 CYBSEC - Security Advisory: Arbitrary File Read/Delete in SAP BC(Business Connector)

Source: BID
Type: UNKNOWN
16668

Source: CCN
Type: BID-16668
SAP Business Connector Remote Arbitrary File Access And Deletion Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-0611

Source: XF
Type: UNKNOWN
sapbc-monitoring-file-access(24750)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sap:business_connector:4.6:*:*:*:*:*:*:*
  • OR cpe:/a:sap:business_connector:4.7:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    sap business connector 4.6
    sap business connector 4.7