SAP MaxDB 'serv.exe' Unspecified Remote Code Execution Vulnerability Network Vulnerability

Summary

SAP MaxDB is prone to an unspecified remote code-execution vulnerability because it fails to sufficiently validate user- supplied input. An attacker can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of- service condition.

Solution

Updates are available please contact the vendor for more information.

References

http://www.securityfocus.com/archive/1/510125
http://www.securityfocus.com/bid/38769
http://www.zerodayinitiative.com/advisories/ZDI-10-032/
https://www.sdn.sap.com/irj/sdn/maxdb

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1185
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
MySQL Server Buffer Overflow Vulnerability (Linux)
IBM DB2 UDB Multiple Unspecified Vulnerabilities (Windows)
Oracle Database Server 'RDBMS' component Denial of Service Vulnerability
Oracle Database Server listener Security Bypass Vulnerability

Take action and discover your vulnerabilities