CVE-2007-1913 - OpenCVE

The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Reliant Unix
Ibm	Os 400 Racf Aix
Sap	Rfc Library
Microsoft	Windows Server
Hp	Tru64 Hp-ux
Sun	Solaris
Linux	Linux Kernel
Apple	Macos

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:racf:-:::::::*
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:hp:hp-ux::::::::
	cpe:2.3:o:hp:tru64::::::::
	cpe:2.3:o:ibm:aix::::::::
	cpe:2.3:o:ibm:os_400:gold:::::::*
	cpe:2.3:o:ibm:os_400:v5r2m0:::::::*
	cpe:2.3:o:linux:linux_kernel:::ia32_64-bit:::::*
	cpe:2.3:o:microsoft:windows_server::::::::
	cpe:2.3:o:siemens:reliant_unix::::::::
	cpe:2.3:o:sun:solaris::::::::

OR	cpe:2.3:a:sap:rfc_library:6.4:::::::*
	cpe:2.3:a:sap:rfc_library:7.0:::::::*

References

Link	Resource
http://secunia.com/advisories/24722
http://securityreason.com/securityalert/2535
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf
http://www.securityfocus.com/archive/1/464669/100/0/threaded
http://www.securityfocus.com/bid/23305	Vendor Advisory
http://www.vupen.com/english/advisories/2007/1270
https://exchange.xforce.ibmcloud.com/vulnerabilities/33423

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-10T23:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-04-10T00:00:00

Link: CVE-2007-1913

JSON object: View

NVD Information

Status : Modified

Published: 2007-04-10T23:19:00.000

Modified: 2021-09-22T14:22:17.320

Link: CVE-2007-1913

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf"}, {"name": "23305", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23305"}, {"name": "20070404 CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"}, {"name": "24722", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24722"}, {"name": "sap-rfc-syssecurity-information-disclosure(33423)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"}, {"name": "ADV-2007-1270", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1270"}, {"name": "2535", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2535"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1913", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf", "refsource": "MISC", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf"}, {"name": "23305", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23305"}, {"name": "20070404 CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"}, {"name": "24722", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24722"}, {"name": "sap-rfc-syssecurity-information-disclosure(33423)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"}, {"name": "ADV-2007-1270", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1270"}, {"name": "2535", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2535"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1913", "datePublished": "2007-04-10T23:00:00", "dateReserved": "2007-04-10T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:racf:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFB86546-D066-4FEB-BBAF-91D2DBFA0BE7", "vulnerable": false}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C56F007-5F8E-4BDD-A803-C907BCC0AF55", "vulnerable": false}, {"criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false}, {"criteria": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:os_400:gold:*:*:*:*:*:*:*", "matchCriteriaId": "2C665A29-B59C-4425-8B81-9548D2991DE8", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:os_400:v5r2m0:*:*:*:*:*:*:*", "matchCriteriaId": "7E82033E-A936-4321-8E2D-5D545241A62D", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*", "matchCriteriaId": "4F8CD59E-22A6-4B56-8834-B8A18FBC1A7D", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDA0CCC0-F2BE-4AF8-844E-CEA1B276792D", "vulnerable": false}, {"criteria": "cpe:2.3:o:siemens:reliant_unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A2C5456-FF11-403E-B67E-5961278D812A", "vulnerable": false}, {"criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:sap:rfc_library:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C19DAD0-F97F-4AF4-BC33-9150B37A0623", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:rfc_library:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDCCEC9C-BCAC-4970-9327-AD9805A5515B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended."}, {"lang": "es", "value": "La funci\u00f3n TRUSTED_SYSTEM_SECURITY en la SAP RFC Library 6.40 y 7.00 anterior al 11/12/2006 permite a atacantes remotos verificar la existencia de usuarios y grupos en sistemas y dominios mediante vectores no especificados, una vulnerabilidad diferente que CVE-2006-6010. NOTA: esta informaci\u00f3n est\u00e1 basada en revelaciones iniciales imprecisas. Los detalles ser\u00e1n actualizados cuando termine el periodo de gracia."}], "id": "CVE-2007-1913", "lastModified": "2021-09-22T14:22:17.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-10T23:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24722"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2535"}, {"source": "cve@mitre.org", "url": "http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/464669/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/23305"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1270"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33423"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}