Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1576

4 documents, 4 sources
Severity: 7.2 HIGH
EPSS: 0.6% (top 30.06%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Apr 15
Latest update: Apr 30

Description

lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages (1 package)

NVD: sap/sap_db 7.3.00

Patches

🔴Vulnerability Details

2
GHSA
GHSA-rf3p-79w2-25vp: lserver in SAP DB 7 (2022-04-30)
CVEList
CVE-2002-1576: lserver in SAP DB 7 (2004-03-16)

💥Exploits & PoCs

1
Exploit-DB
SAP DB 7.3.00 - Symbolic Link (2002-12-04)