CVE-2003-0938

{"id": "CVE-2003-0938", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-12-15T05:00:00.000", "references": [{"url": "http://www.atstake.com/research/advisories/2003/a111703-1.txt", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13765", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious \"NETAPI32.DLL\" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure."}, {"lang": "es", "value": "vos24u.c en SAP database server (SAP DB) 7.4.03.27 y anteriores permite que usuarios locales obtengan privlegios de SYSTEM mediante una \"\"NETAPI32.DLL\"\" maliciosa en el directorio de trabajo, ya que esta se carga por SAP DB antes que la DLL real, como se demuestra usando el procedimiento almacenado SQLAT."}], "lastModified": "2017-07-11T01:29:38.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB240935-AA78-497C-A130-64F063E5F4C2", "versionEndIncluding": "7.4.03.27"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}