Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5784 — SAP WEB Application Server vulnerability

4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

4.5%

top 10.80%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SAP WEB Application Server

Timeline

PublishedNov 7

Latest updateMay 1

Description

Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDsap/sap_web_application_server6.40, 7.00+1

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-gmrg-288v-3xmw: Unspecified vulnerability in enserver↗2022-05-01

▶

CVEList

CVE-2006-5784: Unspecified vulnerability in enserver↗2006-11-07

▶

💥Exploits & PoCs

Exploit-DB

SAP Web Application Server 6.40 - Arbitrary File Disclosure↗2007-02-08

▶