cvelistv5 - CVE-2007-1913

CVE-2007-1913 (GCVE-0-2007-1913)

Vulnerability from cvelistv5

Published

2007-04-10 23:00

Modified

2024-08-07 13:13

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://secunia.com/advisories/24722
cve@mitre.org	http://securityreason.com/securityalert/2535
cve@mitre.org	http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf
cve@mitre.org	http://www.securityfocus.com/archive/1/464669/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/23305	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1270
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33423
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24722
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2535
af854a3a-2127-422b-91ae-364da2661108	http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/464669/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23305	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1270
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33423

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:13:41.632Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf"
          },
          {
            "name": "23305",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23305"
          },
          {
            "name": "20070404 CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"
          },
          {
            "name": "24722",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24722"
          },
          {
            "name": "sap-rfc-syssecurity-information-disclosure(33423)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"
          },
          {
            "name": "ADV-2007-1270",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1270"
          },
          {
            "name": "2535",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2535"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010.  NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf"
        },
        {
          "name": "23305",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23305"
        },
        {
          "name": "20070404 CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"
        },
        {
          "name": "24722",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24722"
        },
        {
          "name": "sap-rfc-syssecurity-information-disclosure(33423)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"
        },
        {
          "name": "ADV-2007-1270",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1270"
        },
        {
          "name": "2535",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2535"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1913",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010.  NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf",
              "refsource": "MISC",
              "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf"
            },
            {
              "name": "23305",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23305"
            },
            {
              "name": "20070404 CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"
            },
            {
              "name": "24722",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24722"
            },
            {
              "name": "sap-rfc-syssecurity-information-disclosure(33423)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"
            },
            {
              "name": "ADV-2007-1270",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1270"
            },
            {
              "name": "2535",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2535"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1913",
    "datePublished": "2007-04-10T23:00:00",
    "dateReserved": "2007-04-10T00:00:00",
    "dateUpdated": "2024-08-07T13:13:41.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1913\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-10T23:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010.  NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n TRUSTED_SYSTEM_SECURITY en la SAP RFC Library 6.40 y 7.00 anterior al 11/12/2006 permite a atacantes remotos verificar la existencia de usuarios y grupos en sistemas y dominios mediante vectores no especificados, una vulnerabilidad diferente que CVE-2006-6010. NOTA: esta informaci\u00f3n est\u00e1 basada en revelaciones iniciales imprecisas. Los detalles ser\u00e1n actualizados cuando termine el periodo de gracia.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:ibm:racf:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFB86546-D066-4FEB-BBAF-91D2DBFA0BE7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C56F007-5F8E-4BDD-A803-C907BCC0AF55\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61A4F116-1FEE-450E-99AE-6AD9ACDDE570\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE64F3F-48F6-493F-A81E-2B106FF73AC1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:os_400:gold:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C665A29-B59C-4425-8B81-9548D2991DE8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:os_400:v5r2m0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E82033E-A936-4321-8E2D-5D545241A62D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"4F8CD59E-22A6-4B56-8834-B8A18FBC1A7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDA0CCC0-F2BE-4AF8-844E-CEA1B276792D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:siemens:reliant_unix:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A2C5456-FF11-403E-B67E-5961278D812A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"469B74F2-4B89-42B8-8638-731E92D463B9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:rfc_library:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C19DAD0-F97F-4AF4-BC33-9150B37A0623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:rfc_library:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDCCEC9C-BCAC-4970-9327-AD9805A5515B\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/24722\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/2535\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/464669/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23305\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1270\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33423\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24722\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/2535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/464669/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1270\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-rf6q-wrm8-hjq7

Vulnerability from github

Published

2022-05-01 17:58

Modified

2022-05-01 17:58

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1913"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-10T23:19:00Z",
    "severity": "MODERATE"
  },
  "details": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010.  NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.",
  "id": "GHSA-rf6q-wrm8-hjq7",
  "modified": "2022-05-01T17:58:24Z",
  "published": "2022-05-01T17:58:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1913"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24722"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/2535"
    },
    {
      "type": "WEB",
      "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23305"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1270"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. SAP RFC Library is prone to an information-disclosure vulnerability. Few details regarding this issue are currently available. This BID will be updated as more information emerges. An attacker can exploit this issue to access sensitive informaiton.

Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/

TITLE: SAP RFC Library Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA24722

VERIFY ADVISORY: http://secunia.com/advisories/24722/

CRITICAL: Moderately critical

IMPACT: Exposure of sensitive information, DoS, System access

WHERE:

From local network

SOFTWARE: SAP RFC Library 7.x http://secunia.com/product/13851/ SAP RFC Library 6.x http://secunia.com/product/13850/

DESCRIPTION: Mariano Nu\xf1ez Di Croce has reported some vulnerabilities in SAP RFC Library, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) The "RFC_SET_REG_SERVER_PROPERTY" RFC function allows to define the exclusive use of the RFC Server. This can be exploited to cause a DoS by denying access to other clients.

2) An unspecified buffer overflow exists within the "SYSTEM_CREATE_INSTANCE" RFC function, which can be exploited to execute arbitrary code.

3) An unspecified buffer overflow exists within the "RFC_START_GUI" RFC function, which can be exploited to execute arbitrary code.

4) Two unspecified errors exist within the "RFC_START_PROGRAM" RFC function. These can be exploited to gain knowledge about the RFC server's configuration or execute arbitrary code. Other versions may also be affected.

SOLUTION: Reportedly, SAP released patches.

PROVIDED AND/OR DISCOVERED BY: Mariano Nu\xf1ez Di Croce

ORIGINAL ADVISORY: http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200704-0043",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rfc library",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "7.0"
      },
      {
        "model": "rfc library",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "6.4"
      },
      {
        "model": "rfc library",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "6.40    20061211"
      },
      {
        "model": "rfc library",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "sap",
        "version": "7.00"
      },
      {
        "model": "solaris",
        "scope": null,
        "trust": 0.6,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "rfc library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "7.00"
      },
      {
        "model": "rfc library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sap",
        "version": "6.40"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "23305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1913"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:sap:rfc_library",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005364"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mariano Nu\u0026ntilde;ez Di Croce\u203b mnunez@cybsec.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-1913",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2007-1913",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-25275",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-1913",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-1913",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200704-153",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-25275",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1913"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010.  NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. SAP RFC Library is prone to an information-disclosure vulnerability. \nFew details regarding this issue are currently available. This BID will be updated as more information emerges. \nAn attacker can exploit this issue to access sensitive informaiton. \n\n----------------------------------------------------------------------\n\nSecunia customers receive relevant and filtered advisories. \nDelivery is done via different channels including SMS, Email, Web,\nand https based XML feed. \nhttp://corporate.secunia.com/trial/38/request/\n\n----------------------------------------------------------------------\n\nTITLE:\nSAP RFC Library Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA24722\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24722/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nExposure of sensitive information, DoS, System access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nSAP RFC Library 7.x\nhttp://secunia.com/product/13851/\nSAP RFC Library 6.x\nhttp://secunia.com/product/13850/\n\nDESCRIPTION:\nMariano Nu\\xf1ez Di Croce has reported some vulnerabilities in SAP RFC\nLibrary, which can be exploited by malicious people to disclose\npotentially sensitive information, cause a DoS (Denial of Service),\nand compromise a vulnerable system. \n\n1) The \"RFC_SET_REG_SERVER_PROPERTY\" RFC function allows to define\nthe exclusive use of the RFC Server. This can be exploited to cause a\nDoS by denying access to other clients. \n\n2) An unspecified buffer overflow exists within the\n\"SYSTEM_CREATE_INSTANCE\" RFC function, which can be exploited to\nexecute arbitrary code. \n\n3) An unspecified buffer overflow exists within the \"RFC_START_GUI\"\nRFC function, which can be exploited to execute arbitrary code. \n\n4) Two unspecified errors exist within the \"RFC_START_PROGRAM\" RFC\nfunction. These can be exploited to gain knowledge about the RFC\nserver\u0027s configuration or execute arbitrary code. Other versions may also be affected. \n\nSOLUTION:\nReportedly, SAP released patches. \n\nPROVIDED AND/OR DISCOVERED BY:\nMariano Nu\\xf1ez Di Croce\n\nORIGINAL ADVISORY:\nhttp://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf\nhttp://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf\nhttp://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf\nhttp://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf\nhttp://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005364"
      },
      {
        "db": "BID",
        "id": "23305"
      },
      {
        "db": "VULHUB",
        "id": "VHN-25275"
      },
      {
        "db": "PACKETSTORM",
        "id": "55699"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-1913",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "23305",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "24722",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "2535",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-1270",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005364",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-153",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-25275",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "55699",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25275"
      },
      {
        "db": "BID",
        "id": "23305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005364"
      },
      {
        "db": "PACKETSTORM",
        "id": "55699"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1913"
      }
    ]
  },
  "id": "VAR-200704-0043",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25275"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:57:14.543000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.sap.com/index.epx"
      },
      {
        "title": "SAP RFC Library Trusted_System_Security Repair measures for function information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163495"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005364"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1913"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.cybsec.com/vuln/cybsec-security_advisory_sap_trusted_system_security_rfc_function_information_disclosure.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/23305"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/24722"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/2535"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/1270"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1913"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1913"
      },
      {
        "trust": 0.3,
        "url": "http://www.sap.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/464669"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13850/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/trial/38/request/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13851/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24722/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cybsec.com/vuln/cybsec-security_advisory_sap_system_create_instance_rfc_function_buffer_overflow.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_start_gui_rfc_function_buffer_overflow.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_set_reg_server_property_rfc_function_denial_of_service.pdf"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_start_program_rfc_function_multiple_vulnerabilities.pdf"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-25275"
      },
      {
        "db": "BID",
        "id": "23305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005364"
      },
      {
        "db": "PACKETSTORM",
        "id": "55699"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1913"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-25275"
      },
      {
        "db": "BID",
        "id": "23305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005364"
      },
      {
        "db": "PACKETSTORM",
        "id": "55699"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1913"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-04-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25275"
      },
      {
        "date": "2007-04-04T00:00:00",
        "db": "BID",
        "id": "23305"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005364"
      },
      {
        "date": "2007-04-07T19:35:58",
        "db": "PACKETSTORM",
        "id": "55699"
      },
      {
        "date": "2007-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      },
      {
        "date": "2007-04-10T23:19:00",
        "db": "NVD",
        "id": "CVE-2007-1913"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-25275"
      },
      {
        "date": "2007-04-05T19:32:00",
        "db": "BID",
        "id": "23305"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005364"
      },
      {
        "date": "2021-09-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      },
      {
        "date": "2024-11-21T00:29:27.073000",
        "db": "NVD",
        "id": "CVE-2007-1913"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP RFC Library Trusted_System_Security Function Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "23305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200704-153"
      }
    ],
    "trust": 0.6
  }
}

gsd-2007-1913

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-1913

Aliases

CVE-2007-1913

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1913",
    "description": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010.  NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.",
    "id": "GSD-2007-1913"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1913"
      ],
      "details": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010.  NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.",
      "id": "GSD-2007-1913",
      "modified": "2023-12-13T01:21:39.908543Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1913",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010.  NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf",
            "refsource": "MISC",
            "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf"
          },
          {
            "name": "23305",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23305"
          },
          {
            "name": "20070404 CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"
          },
          {
            "name": "24722",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24722"
          },
          {
            "name": "sap-rfc-syssecurity-information-disclosure(33423)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"
          },
          {
            "name": "ADV-2007-1270",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1270"
          },
          {
            "name": "2535",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/2535"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:os_400:gold:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:os_400:v5r2m0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:racf:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:reliant_unix:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:sap:rfc_library:6.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sap:rfc_library:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1913"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010.  NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf"
            },
            {
              "name": "23305",
              "refsource": "BID",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/23305"
            },
            {
              "name": "24722",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24722"
            },
            {
              "name": "2535",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/2535"
            },
            {
              "name": "ADV-2007-1270",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1270"
            },
            {
              "name": "sap-rfc-syssecurity-information-disclosure(33423)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"
            },
            {
              "name": "20070404 CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-09-22T14:22Z",
      "publishedDate": "2007-04-10T23:19Z"
    }
  }
}

fkie_cve-2007-1913

Vulnerability from fkie_nvd

Published

2007-04-10 23:19

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/24722
cve@mitre.org	http://securityreason.com/securityalert/2535
cve@mitre.org	http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf
cve@mitre.org	http://www.securityfocus.com/archive/1/464669/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/23305	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1270
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33423
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24722
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/2535
af854a3a-2127-422b-91ae-364da2661108	http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/464669/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23305	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1270
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33423

Impacted products

Vendor	Product	Version
ibm	racf	-
apple	macos	*
hp	hp-ux	*
hp	tru64	*
ibm	aix	*
ibm	os_400	gold
ibm	os_400	v5r2m0
linux	linux_kernel	*
microsoft	windows_server	*
siemens	reliant_unix	*
sun	solaris	*
sap	rfc_library	6.4
sap	rfc_library	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:racf:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFB86546-D066-4FEB-BBAF-91D2DBFA0BE7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C56F007-5F8E-4BDD-A803-C907BCC0AF55",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE64F3F-48F6-493F-A81E-2B106FF73AC1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:os_400:gold:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C665A29-B59C-4425-8B81-9548D2991DE8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:os_400:v5r2m0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E82033E-A936-4321-8E2D-5D545241A62D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*",
              "matchCriteriaId": "4F8CD59E-22A6-4B56-8834-B8A18FBC1A7D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDA0CCC0-F2BE-4AF8-844E-CEA1B276792D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:siemens:reliant_unix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A2C5456-FF11-403E-B67E-5961278D812A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:rfc_library:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C19DAD0-F97F-4AF4-BC33-9150B37A0623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:rfc_library:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCCEC9C-BCAC-4970-9327-AD9805A5515B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010.  NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n TRUSTED_SYSTEM_SECURITY en la SAP RFC Library 6.40 y 7.00 anterior al 11/12/2006 permite a atacantes remotos verificar la existencia de usuarios y grupos en sistemas y dominios mediante vectores no especificados, una vulnerabilidad diferente que CVE-2006-6010. NOTA: esta informaci\u00f3n est\u00e1 basada en revelaciones iniciales imprecisas. Los detalles ser\u00e1n actualizados cuando termine el periodo de gracia."
    }
  ],
  "id": "CVE-2007-1913",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-10T23:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24722"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2535"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/23305"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1270"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/23305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-1913 (GCVE-0-2007-1913)

Vulnerability from cvelistv5

ghsa-rf6q-wrm8-hjq7

Vulnerability from github

var-200704-0043

Vulnerability from variot

gsd-2007-1913

Vulnerability from gsd

fkie_cve-2007-1913

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature