Directory Traversal Vulnerability in SAP Business Connector by SAP
CVE-2006-0732
Currently unrated
What is CVE-2006-0732?
A directory traversal vulnerability exists in SAP Business Connector versions 4.6 and 4.7 that can allow remote attackers to read or delete files on the affected server. The vulnerability arises when an attacker manipulates the 'fullName' parameter sent to specific interfaces, such as 'sapbc/SAP/chopSAPLog.dsp' or 'invoke/sap.monitor.rfcTrace/deleteSingle'. Exploitation is contingent on the product being installed with root or administrative privileges and on the attacker having already obtained administrative access through other means.