CVE-2006-6346

Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/23262
http://securityreason.com/securityalert/1985
http://securitytracker.com/id?1017341
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf
http://www.securityfocus.com/archive/1/453560/100/0/threaded
http://www.securityfocus.com/bid/21448
http://www.vupen.com/english/advisories/2006/4863
https://exchange.xforce.ibmcloud.com/vulnerabilities/30766
http://secunia.com/advisories/23262
http://securityreason.com/securityalert/1985
http://securitytracker.com/id?1017341
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf
http://www.securityfocus.com/archive/1/453560/100/0/threaded
http://www.securityfocus.com/bid/21448
http://www.vupen.com/english/advisories/2006/4863
https://exchange.xforce.ibmcloud.com/vulnerabilities/30766

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:internet_graphics_server::::::::
	cpe:2.3:a:sap:internet_graphics_server::::::::

History

21 Nov 2024, 00:22

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/23262 -~~	() http://secunia.com/advisories/23262 -
References	~~() http://securityreason.com/securityalert/1985 -~~	() http://securityreason.com/securityalert/1985 -
References	~~() http://securitytracker.com/id?1017341 -~~	() http://securitytracker.com/id?1017341 -
References	~~() http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf -~~	() http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf -
References	~~() http://www.securityfocus.com/archive/1/453560/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/453560/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/21448 -~~	() http://www.securityfocus.com/bid/21448 -
References	~~() http://www.vupen.com/english/advisories/2006/4863 -~~	() http://www.vupen.com/english/advisories/2006/4863 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/30766 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/30766 -

Information

Published : 2006-12-07 01:28

Updated : 2025-04-09 00:30

NVD link : CVE-2006-6346

Mitre link : CVE-2006-6346

CVE.ORG link : CVE-2006-6346

JSON object : View

Products Affected

sap

internet_graphics_server

CWE

NVD-CWE-Other

{"id": "CVE-2006-6346", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-07T01:28:00.000", "references": [{"url": "http://secunia.com/advisories/23262", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1985", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017341", "source": "cve@mitre.org"}, {"url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/453560/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21448", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4863", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30766", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23262", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/1985", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1017341", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Undocumented_Features.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/453560/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21448", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4863", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30766", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to \"Undocumented Features.\" NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134."}, {"lang": "es", "value": "Vulnerabilidad no especificada SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 y anteriores, y 7.00 Patchlevel 3 y anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (apagado de servicio), obtener informaci\u00f3n sensible (ficheros de configuraci\u00f3n), y llevar a cabo otras actividades no autorizadas, relacionado con \"Caracter\u00edsticas no Documentadas\". NOTA: es posible que haya muchas versiones para esta vulnerabilidad. Esta informaci\u00f3n est\u00e1 basada en una revelaci\u00f3n inicial imprecisa. Los detalles ser\u00e1n actualizados cuando termine el periodo de gracia. Este es probablemente un asunto diferente que CVE-2006-4134."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:internet_graphics_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBA20BFA-179D-4970-8E97-405DB891E3C5", "versionEndIncluding": "6.40_patch_15"}, {"criteria": "cpe:2.3:a:sap:internet_graphics_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F942FE1D-B9AE-41CA-B738-57A1D2E4095F", "versionEndIncluding": "7.00_patch_3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

10.0 /10