CVE-2006-6010
Published 2006-11-21
Priority: P4 · 28 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 13.80% (96.0th percentile)
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | rfc_library | — | — |
| sap | rfc_library | — | — |
VulDB
SAP Base CVE-2003-0747 information disclosure (XFDB-39997)
vuldb·2026-04-28·CVSS 5.0
CVE-2006-6010 [MEDIUM] SAP Base CVE-2003-0747 information disclosure (XFDB-39997)
A vulnerability, which was classified as problematic, has been found in SAP Base CVE-2003-0747. This affects an unknown function. This manipulation causes information disclosure.
The identification of this vulnerability is CVE-2006-6010. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
GHSA
GHSA-rf6q-wrm8-hjq7: The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-1913 [MEDIUM] GHSA-rf6q-wrm8-hjq7: The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6
The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
GHSA
GHSA-66r7-7rjm-h7pp: SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2006-6010 [MEDIUM] GHSA-66r7-7rjm-h7pp: SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
GHSA
GHSA-gr6x-4fcp-wfg7: The RFC_START_PROGRAM function in the SAP RFC Library 6
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-1914 [MEDIUM] GHSA-gr6x-4fcp-wfg7: The RFC_START_PROGRAM function in the SAP RFC Library 6
The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
No detection rules found.
No writeups or analysis indexed.
http://securityreason.com/securityalert/1889
http://www.securityfocus.com/archive/1/451378/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/39997
Published: 2006-11-21