SAP MaxDB 'serv.exe' Unspecified Remote Code Execution Vulnerability Network Vulnerability

Summary

SAP MaxDB is prone to an unspecified remote code-execution vulnerability because it fails to sufficiently validate user- supplied input. An attacker can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of- service condition.

Solution

Updates are available please contact the vendor for more information.

References

http://www.securityfocus.com/archive/1/510125
http://www.securityfocus.com/bid/38769
http://www.zerodayinitiative.com/advisories/ZDI-10-032/
https://www.sdn.sap.com/irj/sdn/maxdb

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1185

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Oracle Database Server listener Security Bypass Vulnerability
MySQL 5.x Unspecified Buffer Overflow Vulnerability
IBM DB2 Multiple Vulnerabilities (Oct10)
SAP MaxDB 'serv.exe' Unspecified Remote Code Execution Vulnerability
Oracle MySQL Server Multiple Vulnerabilities-01 Nov12 (Windows)

Take action and discover your vulnerabilities