Denial of Service Vulnerability in SAPCAR by SAP
CVE-2016-5845

5.5MEDIUM

Key Information:

Vendor
SAP
Status
SAPcar
Vendor
CVE Published:
13 August 2016

Summary

The SAPCAR tool from SAP is susceptible to a denial of service vulnerability due to inadequate validation of file operation return values when extracting files. This flaw permits remote attackers to exploit the tool by supplying an invalid file name within an archive, potentially leading to a program crash. Organizations utilizing SAPCAR should take immediate action to ensure their systems are secure against this type of attack.

References

https://www.exploit-db.com/exploits/40230/
exploitx_refsource_EXPLOIT-DB
http://seclists.org/fulldisclosure/2016/Aug/46
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/92406
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.