CVE-2006-0732

SAP Business Connector 4.6-4.7 - Directory Traversal via fullName Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means.

References (10)

Core 10
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18880
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/434014/30/4980/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016122
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16668
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016090
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015639
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425048/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0611

Scores

EPSS 0.0308
EPSS Percentile 86.9%

Details

Status published
Products (2)
sap/business_connector 4.6
sap/business_connector 4.7
Published Feb 16, 2006
Tracked Since Feb 18, 2026