Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2005-4815

Published: Dec 31, 2005 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2005-4815
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the FX SAP R/3 gwrd vuln.

Affected Software

Name Vendor Start Version End Version
Sap_r_3 Sap 4.6_before_patch_1767 (including) 4.6_before_patch_1767 (including)
Sap_r_3 Sap 6.2_before_patch_1364 (including) 6.2_before_patch_1364 (including)
Sap_r_3 Sap 6.4_before_patch_4 (including) 6.4_before_patch_4 (including)
Sap_r_3 Sap 31_before_31i_patch_735 (including) 31_before_31i_patch_735 (including)
Sap_r_3 Sap 40_before_patch_1008 (including) 40_before_patch_1008 (including)
Sap_r_3 Sap 45_before_patch_913 (including) 45_before_patch_913 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use