Directory Traversal Vulnerability in SAP Business Connector by SAP
CVE-2006-0732

Currently unrated

Key Information:

Vendor

SAP
Status
Business Connector
Vendor
CVE Published:
16 February 2006

What is CVE-2006-0732?

A directory traversal vulnerability exists in SAP Business Connector versions 4.6 and 4.7, which enables remote attackers to potentially read or delete files on the affected server. This vulnerability arises when an attacker manipulates the 'fullName' parameter in specific interfaces, such as 'sapbc/SAP/chopSAPLog.dsp' or 'invoke/sap.monitor.rfcTrace/deleteSingle'. Exploitation is contingent on the product being installed with root or administrative privileges and the attacker obtaining administrative access via alternate methods.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/18880
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/434014/30/4980/thr...
mailing-listx_refsource_BUGTRAQ
http://www.cybsec.com/vuln/CYBSEC_Security_Advisory_Arbit...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.