CVE-2007-1913
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
92.9%
The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | racf | - | cpe:2.3:a:ibm:racf:-:*:*:*:*:*:*:* |
| apple | macos | * | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
| hp | hp-ux | * | cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:* |
| hp | tru64 | * | cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:* |
| ibm | aix | * | cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:* |
| ibm | os_400 | gold | cpe:2.3:o:ibm:os_400:gold:*:*:*:*:*:*:* |
| ibm | os_400 | v5r2m0 | cpe:2.3:o:ibm:os_400:v5r2m0:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:* |
| microsoft | windows_server | * | cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:* |
| siemens | reliant_unix | * | cpe:2.3:o:siemens:reliant_unix:*:*:*:*:*:*:*:* |
References
secunia.com/advisories/24722
securityreason.com/securityalert/2535
www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf
www.securityfocus.com/archive/1/464669/100/0/threaded
www.securityfocus.com/bid/23305
www.vupen.com/english/advisories/2007/1270
exchange.xforce.ibmcloud.com/vulnerabilities/33423
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
92.9%