Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0621

CWE-119: Buffer Overflow
5 documents, 4 sources
Severity: 7.5 HIGH
EPSS: 88.0% (top 0.52%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Feb 6
Latest update: May 1

Description

Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

NVD: sap/saplpd 6.28
NVD: sap/sapgui 7.10

🔴 Vulnerability Details (2)

GHSA: GHSA-ggfh-c25x-c875: Buffer overflow in SAPLPD 6 (2022-05-01)
CVEList: CVE-2008-0621: Buffer overflow in SAPLPD 6 (2008-02-06)

💥 Exploits & PoCs (2)

Exploit-DB: SapLPD 6.28 - Remote Buffer Overflow (Metasploit) (2010-05-09)
Exploit-DB: SapLPD 6.28 (Windows x86) - Remote Buffer Overflow (2008-02-07)