{"api_version":"1","generated_at":"2026-05-15T05:22:07+00:00","cve":"CVE-2006-2547","urls":{"html":"https://cve.report/CVE-2006-2547","api":"https://cve.report/api/cve/CVE-2006-2547.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2547","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2547"},"summary":{"title":"CVE-2006-2547","description":"Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to \"insecure environment variable\" handling.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-05-23 10:06:00","updated_at":"2018-10-18 16:40:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf","name":"http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf","refsource":"MISC","tags":["Patch"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/434534/30/4890/threaded","name":"20060519 CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAPsapdba Command","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016122","name":"1016122","refsource":"SECTRACK","tags":[],"title":"SAP sapdba Command for Informix Environment Variable Bug Lets Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26526","name":"sap-sapdba-privilege-escalation(26526)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/1861","name":"ADV-2006-1861","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18028","name":"18028","refsource":"BID","tags":[],"title":"SAP SAPDBA Local Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://securityreason.com/securityalert/941","name":"941","refsource":"SREASON","tags":[],"title":"CXSecurity - IDS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046130.html","name":"20060518 CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command","refsource":"FULLDISC","tags":["Patch"],"title":"[Full-disclosure] CYBSEC - Security Pre-Advisory: Local Privilege\n\tEscalation in SAP sapdba Command","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/20180","name":"20180","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"SAP sapdba Command Insecure Environment Variable Handling - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2547","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2547","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2547","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"sapdba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"2547","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"sapdba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2547","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to \"insecure environment variable\" handling."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2006-1861","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1861"},{"name":"20180","refsource":"SECUNIA","url":"http://secunia.com/advisories/20180"},{"name":"http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf","refsource":"MISC","url":"http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf"},{"name":"sap-sapdba-privilege-escalation(26526)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26526"},{"name":"1016122","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016122"},{"name":"20060518 CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command","refsource":"FULLDISC","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046130.html"},{"name":"20060519 CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAPsapdba Command","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/434534/30/4890/threaded"},{"name":"941","refsource":"SREASON","url":"http://securityreason.com/securityalert/941"},{"name":"18028","refsource":"BID","url":"http://www.securityfocus.com/bid/18028"}]}},"nvd":{"publishedDate":"2006-05-23 10:06:00","lastModifiedDate":"2018-10-18 16:40:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:sapdba:*:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2547","Ordinal":"17859","Title":"CVE-2006-2547","CVE":"CVE-2006-2547","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2547","Ordinal":"1","NoteData":"Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to \"insecure environment variable\" handling.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2547","Ordinal":"2","NoteData":"2006-05-23","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2547","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}