High

CVE-2003-0118 - Unspecified vulnerability in Microsoft Biztalk Server

Publication: 2003-05-12
Summary

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Microsoft Biztalk Server 2000
  • Microsoft Biztalk Server 2000
  • Microsoft Biztalk Server 2000
  • Microsoft Biztalk Server 2000
  • Microsoft Biztalk Server 2000
  • Microsoft Biztalk Server 2000
  • Microsoft Biztalk Server 2000
  • Microsoft Biztalk Server 2000
  • Microsoft Biztalk Server 2000
  • Microsoft Biztalk Server 2002
  • Microsoft Biztalk Server 2002