CVE-2006-6346 - Vulnerability Details - OpenCVE

Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Internet Graphics Server

Configuration 1 [-]

OR	cpe:2.3:a:sap:internet_graphics_server::::::::
	cpe:2.3:a:sap:internet_graphics_server::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/23262
http://securityreason.com/securityalert/1985
http://securitytracker.com/id?1017341
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf
http://www.securityfocus.com/archive/1/453560/100/0/threaded
http://www.securityfocus.com/bid/21448
http://www.vupen.com/english/advisories/2006/4863
https://exchange.xforce.ibmcloud.com/vulnerabilities/30766

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-07T01:00:00

Updated: 2024-08-07T20:26:45.130Z

Reserved: 2006-12-06T00:00:00

Link: CVE-2006-6346

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-07T01:28:00.000

Modified: 2024-11-21T00:22:27.727

Link: CVE-2006-6346

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to \"Undocumented Features.\" NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "sap-igs-weak-security(30766)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30766"}, {"name": "ADV-2006-4863", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4863"}, {"tags": ["x_refsource_MISC"], "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf"}, {"name": "23262", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23262"}, {"name": "1017341", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017341"}, {"name": "21448", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21448"}, {"name": "20061205 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/453560/100/0/threaded"}, {"name": "1985", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1985"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6346", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to \"Undocumented Features.\" NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "sap-igs-weak-security(30766)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30766"}, {"name": "ADV-2006-4863", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4863"}, {"name": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf", "refsource": "MISC", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf"}, {"name": "23262", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23262"}, {"name": "1017341", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017341"}, {"name": "21448", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21448"}, {"name": "20061205 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453560/100/0/threaded"}, {"name": "1985", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1985"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:45.130Z"}, "title": "CVE Program Container", "references": [{"name": "sap-igs-weak-security(30766)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30766"}, {"name": "ADV-2006-4863", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4863"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf"}, {"name": "23262", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23262"}, {"name": "1017341", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017341"}, {"name": "21448", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21448"}, {"name": "20061205 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Undocumented Features", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/453560/100/0/threaded"}, {"name": "1985", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1985"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6346", "datePublished": "2006-12-07T01:00:00", "dateReserved": "2006-12-06T00:00:00", "dateUpdated": "2024-08-07T20:26:45.130Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:internet_graphics_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBA20BFA-179D-4970-8E97-405DB891E3C5", "versionEndIncluding": "6.40_patch_15", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:internet_graphics_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F942FE1D-B9AE-41CA-B738-57A1D2E4095F", "versionEndIncluding": "7.00_patch_3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to \"Undocumented Features.\" NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134."}, {"lang": "es", "value": "Vulnerabilidad no especificada SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 y anteriores, y 7.00 Patchlevel 3 y anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (apagado de servicio), obtener informaci\u00f3n sensible (ficheros de configuraci\u00f3n), y llevar a cabo otras actividades no autorizadas, relacionado con \"Caracter\u00edsticas no Documentadas\". NOTA: es posible que haya muchas versiones para esta vulnerabilidad. Esta informaci\u00f3n est\u00e1 basada en una revelaci\u00f3n inicial imprecisa. Los detalles ser\u00e1n actualizados cuando termine el periodo de gracia. Este es probablemente un asunto diferente que CVE-2006-4134."}], "id": "CVE-2006-6346", "lastModified": "2024-11-21T00:22:27.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-07T01:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23262"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1985"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017341"}, {"source": "cve@mitre.org", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/453560/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21448"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4863"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23262"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1985"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017341"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453560/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4863"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30766"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}