CVE-2006-0732

3 documents, 3 sources
Severity: 6.4 MEDIUM
EPSS: 3.1% (top 13.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 16
Latest update: May 1

Description

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has

CVSS vector

AV:N/AC:L/C:P/I:P/A:N
Exploitability: 10.0 | Impact: 4.9

Affected Packages (1 package)

NVD: sap/business_connector 4.6, 4.7 (+1)

Vulnerability Details (2)

GHSA
GHSA-v248-c9rp-m2fx: Directory traversal vulnerability in SAP Business Connector (BC) 4 | 2022-05-01
CVEList
CVE-2006-0732: Directory traversal vulnerability in SAP Business Connector (BC) 4 | 2006-02-16