Vulnerabilities > CVE-2003-0938 - Local Security vulnerability in Sap Db

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

sap

NVD

Published: 2003-12-15

Updated: 2017-07-11

Summary

vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP SAP DB *	1

References

http://www.atstake.com/research/advisories/2003/a111703-1.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/13765