Lucene search

MitreCVE-2003-0748

HistoryOct 20, 2003 - 4:00 a.m.

CVE-2003-0748

2003-10-2004:00:00

mitre

web.nvd.nist.gov

security

vulnerability

directory traversal

wgate.dll

sap

its

remote attackers

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.944

Percentile

99.2%

JSON

Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via …\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename.

Affected configurations

Nvd

Node

sapinternet_transaction_serverMatch4620.2.0.323011

VendorProductVersionCPE
sapinternet_transaction_server4620.2.0.323011cpe:2.3:a:sap:internet_transaction_server:4620.2.0.323011:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	internet_transaction_server	4620.2.0.323011	cpe:2.3:a:sap:internet_transaction_server:4620.2.0.323011:::::::*

References

archives.neohapsis.com/archives/bugtraq/2003-08/0361.html

www.securityfocus.com/bid/8516

exchange.xforce.ibmcloud.com/vulnerabilities/13066

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.944

Percentile

99.2%

JSON

Related for CVE-2003-0748